Security experts have reported on the risks facing Active Directory. The service, built into most Windows Server operating systems, is the backbone for managing Windows domain networks, but that central role also makes it a prime target for attackers.
According to many information security professionals, Active Directory is the core identity platform for businesses around the world. It is used to tie disparate systems together, and as a result it has become a primary goal for attackers: anyone who can compromise Active Directory can potentially reach every system that trusts it.
A digital forensic investigation by the security company Bitdefender examined the cybercrime group known as Carbanak and its use of the Cobalt Strike Beacon implant. According to Bitdefender, the malware can run system commands, log keystrokes, capture screenshots, and deploy in-memory tooling such as Mimikatz to harvest credentials from many Active Directory hosts. All of this helps attackers gain access to further systems.
Rapid7's report "Under the Hoodie 2019" summarises 180 penetration tests carried out over a nine-month period. 40% of the engagements focused on identifying weaknesses and exposure on the internet-facing perimeter, while 36% were internal network assessments. According to the report, every business tested had at least one vulnerability that an attacker could exploit.
Of the vulnerabilities found during internal testing, Rapid7 stated that 11% involved credentials recovered from memory, which can let an attacker move on to other systems. A further 9% of all internal findings involved Kerberoasting.
Kerberoasting is a term coined by Tim Medin. It is a privilege escalation technique that is very effective at extracting service account credentials within a domain: any authenticated domain user can request a Kerberos service ticket for any registered service principal name, and because that ticket is encrypted with a key derived from the service account's password, the ticket can be taken offline and the password guessed at leisure.
Last June, the Department of Commerce's inspector general reported that inadequate management of Active Directory had put the United States Patent and Trademark Office at risk.
In the Rapid7 report, tester Nick Powers describes an engagement looking for wireless and internal network weaknesses across a system of eight hospitals. The wireless network was very well locked down, but the internal network contained many non-standard devices, most of them medical, and some of them running outdated versions of Windows. On one such device an Active Directory user had logged in, which allowed the tester to retrieve that user's credentials from memory.
Experts argue that organisations should put specific defences in place, and keep them operating, to avoid such problems.