Active Directory Backup & Recovery

The Practical ROI of a Quick Active Directory Recovery

The Practical ROI of a Quick Active Directory Recovery

  • Sean Deuby | Principal Technologist, Americas

While every IT manager or administrator knows that a solid Active Directory recovery plan is an essential component of any business continuity strategy, calculating the practical return on investment (ROI) of an optimized AD recovery plan is notoriously tricky. Too many variables are at play to generate a defensible, exact…

Hafnium Attack Timeline

Hafnium Attack Timeline

  • Sean Deuby | Principal Technologist, Americas

The attacks on Microsoft Exchange servers around the world by Chinese state-sponsored threat group Hafnium are believed to have affected over 21,000 organizations. The impact of these attacks is growing as the four zero-day vulnerabilities are getting picked up by new threat actors. While the world was introduced to these…

CISA’s Ransomware Guidance Is Reminder to Include AD in Recovery Plan

CISA’s Ransomware Guidance Is Reminder to Include AD in Recovery Plan

  • Semperis Team

Any ransomware recovery plan needs to include regular file backups and encrypted data with offline copies, as the Cybersecurity and Infrastructure Security Agency (CISA) recently reminded as part of the organization’s campaign to drive awareness of its ransomware guidance and resources. The guidance includes best practices and checklists to help…

NotPetya Flashback: The Latest Supply-Chain Attack Puts Active Directory at Risk of Compromise

NotPetya Flashback: The Latest Supply-Chain Attack Puts Active Directory at Risk of Compromise

  • Chris Roberts

Last week, news broke that a sophisticated adversary penetrated FireEye's network and stole the company's Red Team assessment tools. The attack is reportedly linked to a larger supply-chain assault that struck government, consulting, technology, and telecom organizations throughout North America, Europe, Asia, and the Middle East.   To get an idea of what this stolen toolset…

Egregor Ransomware Attack on Kmart is a Reminder that Active Directory Needs to Be Protected and Recoverable

Egregor Ransomware Attack on Kmart is a Reminder that Active Directory Needs to Be Protected and Recoverable

  • Darren Mar-Elia | VP of Products

The latest ransomware-as-a-service attack leaves the well-known retailer, Kmart, with service outages and a compromised Active Directory.   In the wake of Maze ransomware "retiring" last month, many of its affiliates have moved to the new kid on the ransomware block, Egregor. Named after an occult term meaning the collective energy or force…

The Stakes Are Higher in Healthcare: Fighting Cybercrime During a Pandemic

The Stakes Are Higher in Healthcare: Fighting Cybercrime During a Pandemic

  • Gil Kirkpatrick

In the healthcare industry, cybersecurity issues have consequences that go well beyond the loss of data. Recently, the FBI and other federal agencies warned of a credible threat of "increased and imminent cybercrime" to U.S. hospitals and healthcare providers. Criminal groups target the healthcare sector to carry out "data theft…

Hackers go phishing

The Weaponization of Active Directory: An Inside Look at Ransomware Attacks Ryuk, Maze, and SaveTheQueen

  • Thomas Leduc

Like never before, Active Directory (AD) is in the attackers’ crosshairs. In this blog, we'll examine how ransomware attacks are abusing AD and how enterprises can evolve their defensive strategies to stay ahead of attackers.   First, a quick note about the recent privilege escalation vulnerability dubbed Zerologon, which allows an unauthenticated attacker with network access to…

Takeaways from Zerologon: The Latest Domain Controller Attack

Takeaways from Zerologon: The Latest Domain Controller Attack

  • Thomas Leduc

If there was ever a time to re-examine the security of your Active Directory, it’s now. In response to rising concerns about the notorious Zerologon vulnerability (CVE-2020-1472), the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an "Emergency Directive" to federal agencies to apply Microsoft's patch immediately. Enterprises would…