26 September 2024
The National Cyber Security Centre (NCSC) has joined the Australian Signals Directorate and other international partners to release joint guidance that informs organisations about 17 common techniques used to target Active Directory, as observed by the authoring agencies.
Microsoft’s Active Directory is the most widely used authentication and authorisation solution in enterprise IT networks globally. Its pivotal role makes it a valuable target for malicious actors, and it is routinely targeted as part of malicious activity on enterprise networks.
Active Directory is vulnerable due to its:
- permissive default settings,
- complex relationships and permissions,
- legacy protocol support, and
- limited tools for diagnosing security issues.
These issues are frequently exploited by malicious actors to compromise Active Directory.
Responding to and recovering from a compromise involving Active Directory can be time-consuming, costly, and disruptive. This guidance encourages organisations to implement the recommended mitigations to better protect their environments and prevent future compromises.
Detecting and Mitigating Active Directory Compromises | Australian Signals Directorate