Australia: New Guidelines Released to Protect Against Active Directory Cyber Attacks

The Australian Signals Directorate (ASD) has released new advice to help organizations defend against cyber threats targeting Microsoft's widely used Active Directory system. The guideline, published on September 26, 2024, outlines how to detect and prevent attacks on this crucial network management tool.

Why it matters: Active Directory is a key component in managing access and permissions across many companies' IT networks. Its widespread use makes it a prime target for cybercriminals looking to break into networks. The ASD's guidance details 17 common techniques that hackers use to exploit vulnerabilities in Active Directory.

What's included: The advice covers attacks on various parts of the system, including:

• Active Directory Domain Services (AD DS)

• Active Directory Federation Services (AD FS)

• Active Directory Certificate Services (AD CS)

It explains how hackers typically gain access by escalating their privileges or moving through the network undetected, using methods like Kerberoasting, password spraying, and Golden Certificate attacks.

New detection method: The ASD also suggests using "canary objects"—a way to spot an attack early by creating fake objects within the network. If these fake objects are accessed, it triggers an alert, helping organizations catch potential breaches before they escalate.

The new guidelines are part of Australia's broader effort to improve cybersecurity and protect organizations from increasingly sophisticated cyberattacks - Reference is officially released here