Cybercriminals have been busy this summer, and many of the attacks have targeted Active Directory. In the month of July alone, attackers exploited Microsoft vulnerabilities that led to the PrintNightmare and PetitPotam attacks, in addition to other flaws that were not directly related to Active Directory. The REvil ransomware group used a zero-day vulnerability to deliver malware through a fake, automated update to Kaseya’s VSA solution, which MSPs across the U.S. and the United Kingdom use to manage their clients’ systems. And a MeteorExpress wiper attack used Active Directory to compromise Iran’s train system.
In this informal discussion with Sean Deuby (Semperis Director of Services), we’ll talk about how these attacks worked, what they might have in common, and how you can take steps to guard against them.

What you’ll take away:
- How these attacks used Active Directory as an entry point
- How attackers are building upon past success to compromise identity systems
- How to guard against common attack methods and step up monitoring for sophisticated Active Directory attacks