Even as the cyber threat landscape grows more complex and dangerous, awareness of the need to protect digital assets and networks appears to be rising. That is encouraging. The bad news is that attackers are reaching Active Directory (AD), one of a company's most critical assets, in less than a day.
AD typically manages identity and access to resources across an organisation. An attacker who gains a foothold in AD can escalate privileges and then simply log in to systems with legitimate credentials, carrying out a wide range of malicious activity without needing further exploits.
According to the latest report by cybersecurity company Sophos, the average dwell time (the time an intruder lurks in a network or on a device undetected) fell to eight days in the first half of 2023, down from 10 days.
For ransomware attacks, the dwell time is shorter still, at five days. In 2022, the median dwell time had already decreased from 15 to 10 days.
The Active Adversary Report for Tech Leaders 2023, which provides an in-depth look at attacker behaviours and tools during the first half of 2023, analysed Sophos’ Incident Response (IR) cases from January to July 2023.
“It took on average less than a day—approximately 16 hours—for attackers to reach Active Directory (AD),” said John Shier, field CTO, Sophos.
“Attacking an organisation’s Active Directory infrastructure makes sense from an offensive view. AD is usually the most powerful and privileged system in the network, providing broad access to the systems, applications, resources, and data that attackers can exploit in their attacks,” Shier said.
“When an attacker controls AD, they can control the organisation. The impact, escalation, and recovery overhead of an Active Directory attack is why it’s targeted,” he said.
“Getting to and gaining control of the Active Directory server in the attack chain provides adversaries several advantages. They can linger undetected to determine their next move, and, once they’re ready to go, they can blast through a victim’s network unimpeded,” he said.
Full recovery from a domain compromise can be a lengthy and arduous effort, because such an attack undermines the foundation of trust on which the rest of an organisation's infrastructure relies. Very often, a successful AD attack means a security team has to rebuild that foundation from scratch.