As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To help IT and identity security professionals understand and improve AD security, the Semperis Research Team publishes a monthly roundup of recent identity-related cyberattacks. This month’s highlights include the LockBit ransomware group’s recent attacks on a Portuguese water utility and ION financial software, both of which involved exploiting Active Directory Group Policy vulnerabilities.
LockBit hits Portuguese water utility and ION financial software
The LockBit ransomware group, whose tactics include exploiting Active Directory Group Policy vulnerabilities, claimed responsibility for an attack on the Portuguese water utility Aguas e Energia do Porto and an attack on ION Group, a financial software company. LockBit also claimed the January cyberattack on Royal Mail.
New crypto-mining malware targets Microsoft Exchange ProxyShell flaws
New malware called ProxyShellMiner uses Microsoft Exchange ProxyShell vulnerabilities to deploy crypto-mining software through a Windows domain. In addition to causing service outages, slowing server performance, and overheating computers, the malware creates a backdoor that can be used for code execution.
More resources
- How to Evaluate Identity Threat Detection & Response (ITDR) Solutions | Semperis
- 3 Steps to Protect AD from Wiperware | Semperis
- SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover | Semperis