AD is a common target in public sector cyberattacks
Active Directory is the core identity store for 90% of organizations worldwide, including state and local governments. Sophisticated cyber criminals such as Vice Society and LockBit 2.0 have relentlessly targeted public firefighting services, schools, universities, and city and county services.
Vice Society targets multiple schools in the UK
UK attack on 14 schools in fall 2022 was claimed by Vice Society, which uses ransomware including BlackCat to compromise Active Directory and gain control of the victim organization’s network environment.
LockBit hits county in Virginia
LockBit ransomware gang claimed an attack on Southampton County, Virginia, that compromised personal data. The LockBit group uses various tactics, techniques, and procedures (TTPs) to compromise victim organizations, including abusing AD group policies to encrypt devices across Windows domains.