Active Directory Security

Hybrid Identity Protection (HIP) Predictions for 2021

Hybrid Identity Protection (HIP) Predictions for 2021

  • Thomas Leduc

2020 was a hugely disruptive year across the globe. And while cybersecurity may have been background noise to a world tuned to health and financial issues, widespread cyberattacks have left reverberations that will be felt for years to come.  We asked expert speakers from the recent Hybrid Identity Protection (HIP) Conference to share a brief look back at what happened in 2020 and what they're focusing on in the year ahead as…

NotPetya Flashback: The Latest Supply-Chain Attack Puts Active Directory at Risk of Compromise

NotPetya Flashback: The Latest Supply-Chain Attack Puts Active Directory at Risk of Compromise

  • Chris Roberts

Last week, news broke that a sophisticated adversary penetrated FireEye's network and stole the company's Red Team assessment tools. The attack is reportedly linked to a larger supply-chain assault that struck government, consulting, technology, and telecom organizations throughout North America, Europe, Asia, and the Middle East.   To get an idea of what this stolen toolset…

Egregor Ransomware Attack on Kmart is a Reminder that Active Directory Needs to Be Protected and Recoverable

Egregor Ransomware Attack on Kmart is a Reminder that Active Directory Needs to Be Protected and Recoverable

  • Darren Mar-Elia | VP of Products

The latest ransomware-as-a-service attack leaves the well-known retailer, Kmart, with service outages and a compromised Active Directory.   In the wake of Maze ransomware "retiring" last month, many of its affiliates have moved to the new kid on the ransomware block, Egregor. Named after an occult term meaning the collective energy or force…

The Stakes Are Higher in Healthcare: Fighting Cybercrime During a Pandemic

The Stakes Are Higher in Healthcare: Fighting Cybercrime During a Pandemic

  • Gil Kirkpatrick

In the healthcare industry, cybersecurity issues have consequences that go well beyond the loss of data. Recently, the FBI and other federal agencies warned of a credible threat of "increased and imminent cybercrime" to U.S. hospitals and healthcare providers. Criminal groups target the healthcare sector to carry out "data theft…

New Research: Detecting DCShadow on Rogue Hosts

New Research: Detecting DCShadow on Rogue Hosts

  • Darren Mar-Elia | VP of Products

10,000-foot view: Many of us are familiar with the variety of tools, attacks, and adversaries that focus on breaching Active Directory. With the release in 2018 of DCShadow, another highly effective vector was added to that ever-increasing list. To the credit of the research team, along with the exploit, they…

U.S. Indictment of Sandworm Highlights the Importance of Protecting Active Directory

U.S. Indictment of Sandworm Highlights the Importance of Protecting Active Directory

  • Sean Deuby | Principal Technologist

The latest development in the 2017 NotPetya Attack saga should be a reminder for organizations that it only takes a handful of cybercriminals to take down all of your operations.   Last week, the US Department of Justice announced charges including computer fraud and conspiracy against six hackers of the cybercriminal group known…

Hackers go phishing

The Weaponization of Active Directory: An Inside Look at Ransomware Attacks Ryuk, Maze, and SaveTheQueen

  • Thomas Leduc

Like never before, Active Directory (AD) is in the attackers’ crosshairs. In this blog, we'll examine how ransomware attacks are abusing AD and how enterprises can evolve their defensive strategies to stay ahead of attackers.   First, a quick note about the recent privilege escalation vulnerability dubbed Zerologon, which allows an unauthenticated attacker with network access to…

Takeaways from Zerologon: The Latest Domain Controller Attack

Takeaways from Zerologon: The Latest Domain Controller Attack

  • Thomas Leduc

If there was ever a time to re-examine the security of your Active Directory, it’s now. In response to rising concerns about the notorious Zerologon vulnerability (CVE-2020-1472), the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an "Emergency Directive" to federal agencies to apply Microsoft's patch immediately. Enterprises would…