From the Front Lines
Categories
- Active Directory Backup & Recovery (56)
- Active Directory Security (178)
- AD Security 101 (15)
- Community Tools (17)
- Directory Modernization (9)
- From the Front Lines (67)
- Hybrid Identity Protection (59)
- Identity Attack Catalog (9)
- Identity Threat Detection & Response (120)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (13)
- Threat Research (47)
- Uncategorized (1)
CISA’s Ransomware Guidance Is Reminder to Include AD in Recovery Plan
- Semperis Team
- Feb 22, 2021
Any ransomware recovery plan needs to include regular file backups and encrypted data with offline copies, as the Cybersecurity and Infrastructure Security Agency (CISA) recently reminded as part of the organization’s campaign to drive awareness of its ransomware guidance and resources. The guidance includes best practices and checklists to help…
Hybrid Identity Protection (HIP) Predictions for 2021
- Thomas Leduc
- Dec 23, 2020
2020 was a hugely disruptive year across the globe. And while cybersecurity may have been background noise to a world tuned to health and financial issues, widespread cyberattacks have left reverberations that will be felt for years to come. We asked expert speakers from the recent Hybrid Identity Protection (HIP) Conference to share a brief look back at what happened in 2020 and what they're focusing on in the year ahead as…
NotPetya Flashback: The Latest Supply-Chain Attack Puts Active Directory at Risk of Compromise
- Chris Roberts
- Dec 15, 2020
Last week, news broke that a sophisticated adversary penetrated FireEye's network and stole the company's Red Team assessment tools. The attack is reportedly linked to a larger supply-chain assault that struck government, consulting, technology, and telecom organizations throughout North America, Europe, Asia, and the Middle East. To get an idea of what this stolen toolset…
Egregor Ransomware Attack on Kmart is a Reminder that Active Directory Needs to Be Protected and Recoverable
- Darren Mar-Elia
- Dec 04, 2020
The latest ransomware-as-a-service attack leaves the well-known retailer, Kmart, with service outages and a compromised Active Directory. In the wake of Maze ransomware "retiring" last month, many of its affiliates have moved to the new kid on the ransomware block, Egregor. Named after an occult term meaning the collective energy or force…
The Stakes Are Higher in Healthcare: Fighting Cybercrime During a Pandemic
- Gil Kirkpatrick
- Nov 18, 2020
In the healthcare industry, cybersecurity issues have consequences that go well beyond the loss of data. Recently, the FBI and other federal agencies warned of a credible threat of "increased and imminent cybercrime" to U.S. hospitals and healthcare providers. Criminal groups target the healthcare sector to carry out "data theft…
From Sandworm to a Safer Tomorrow: Lessons from Hybrid Identity Protection 2020
- Thomas Leduc
- Oct 30, 2020
Four days, 23 speakers and 1576 attendees later, the third annual Hybrid Identity Protection 2020 (HIP) conference has come to a close. And despite being all virtual for the first time, this year’s event was one of the most powerful to date. Day 1 – Crisis Management Just 24 hours…
The Weaponization of Active Directory: An Inside Look at Ransomware Attacks Ryuk, Maze, and SaveTheQueen
- Thomas Leduc
- Oct 02, 2020
Like never before, Active Directory (AD) is in the attackers’ crosshairs. In this blog, we'll examine how ransomware attacks are abusing AD and how enterprises can evolve their defensive strategies to stay ahead of attackers. First, a quick note about the recent privilege escalation vulnerability dubbed Zerologon, which allows an unauthenticated attacker with network access to…
New survey reveals dangerous gaps in crisis management plans
- Thomas Leduc
- Aug 25, 2020
When a storm hits, the one who is most prepared is the one who will weather it best. For IT, this storm is digital, a flurry of cyberattacks that routinely touches down on the shores of Microsoft Active Directory (AD). AD is a juicy target, and we all know why.…
