On September 26, the National Security Agency (NSA) joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC) and others in releasing the Cybersecurity Technical Report (CTR), “Detecting and Mitigating Active Directory Compromises.” The guidance provides prevention and detection strategies for the most prevalent techniques used to target Active Directory (AD).
Gaining control over AD gives malicious actors privileged access to all systems and users managed by AD, according to the CTR. With privileged access, malicious actors can bypass other controls and access systems, including email and file servers, and critical business applications. Malicious actors can also modify AD information to establish persistent access and remotely login to organizations, bypassing multi-factor authentication (MFA) controls.
“Like numerous other networks, Active Directory is used in many Department of Defense and Defense Industrial Base networks as a critical component for managing identities and access,” said Dave Luber, NSA Cybersecurity Director. “This makes it an attractive target for malicious actors to attempt to steal the proverbial ‘keys to the kingdom.’ Taking steps to properly defend AD from these common and advanced techniques will detect and prevent adversary activities and protect sensitive data from determined malicious cyber actors.”
First released by Microsoft in 1999, Active Directory is the most widely used authentication and authorization solution in enterprise Information Technology (IT) networks globally. This guidance addresses the most common techniques used against Active Directory Domain Services, Active Directory Federation Services, and Active Directory Certificate of Services, detailing each technique and how to mitigate it.
Read the full report here.
Source: NSA
IC News delivers the situational awareness you need to get ahead and stay ahead in the IC contracting space. Subscribe today for full access to 10,000+ articles, plus new articles each weekday.
By 
