Active Directory becomes the main gateway for attackers


Derek Melber, Tenable’s Chief Technology and Security Strategist, explains: “90 percent of Fortune 1000 companies use Active Directory to manage access and permissions. It is therefore not surprising that AD is the common denominator of the biggest security attacks like SolarWinds, MSFT Exchange, and others. The points of attack will continue to vary, and more will inevitably be added. Regardless of how attack tactics change in the coming year, AD will remain the primary target because it is simply too lucrative for attackers to pass up. Ransomware trends will come and go, but threat actors will continue to use a misconfigured AD to move sideways, expand privilege, and wreak havoc. Companies must patch and secure all configurations that are known to be exploited, otherwise a break-in can be expected in 2022.”

Nathan Wenzler, Tenable’s chief security strategist, added: “While in the past threat actors have used major events to launch attacks on unsuspecting, distracted users, 2021 has changed the playing field. Now teleworking is the perfect distraction for attackers to launch social engineering attacks. After all, only a third of remote workers strictly adhere to their company’s security guidelines. Remote workers have an average of eight devices connected to their home network, which offers an abundance of opportunities for attackers to exploit.

Looking ahead to 2022, threat actors will continue to seize the opportunities this new world of work presents and attempt to compromise every device on the home network in order to gain access to the most valuable data on the corporate network. All it takes is a single employee falling victim to a single, well-thought-out social engineering trick. This makes end users the perfect target for today’s attackers who want to gain access to corporate networks, databases and other valuable resources.”

Marty Edwards, VP, Operational Technology at Tenable, predicts: “Attacks like those on Colonial Pipeline have made the issue of security tangible even for non-security experts. Rising gasoline prices and the queues at the pumps, as has been the case in the United States, is something the ordinary citizen, CEO, and Congressman can understand. Every board member is now interested in the cyber risk that exists for their company. Stakeholders are investing more than ever, and policy makers are no exception. If government and the private sector can identify their shared priorities and work together for a safer world, 2022 will be a promising climate for improvement.”

When it comes to ransomware, Edwards believes: “2022 will bring new strategies for ransomware operators instead of focusing on low hanging fruit and scaling up their attacks. They will be more selective in choosing their targets, trying to strike a balance between making money and being prosecuted by law enforcement. To outsmart this equation, companies no longer have to try to prevent enemy missions, but instead prevent them from paying off. In other words, companies need to make these attacks cost too much to carry out. If the reward doesn’t cover the cost of the investment, then the threat actors won’t carry it out.”

Bob Huber, Chief Security Officer at Tenable, on cloud migrations: “Almost half of companies have moved business-critical functions to the cloud as a direct result of the pandemic. However, cloud migration requires special considerations that are likely to be overlooked in 2022. For example, detecting and preventing malicious activity in the cloud is very different from limiting damage on-premise. Then there are the intricacies of working with cloud providers and other corporate actors who want to quickly introduce new services in the cloud. Unless companies educate all of their teams – and not just security teams – about securing the cloud, they will inevitably pay the price as the migration speeds up.”

James Hayes, VP, Government Affairs, Tenable: “Security will be the focus of government concerns in 2021. As a result, more and more authorities will tighten their security precautions in 2022 – through the introduction of Zero Trust, better insight into attack surfaces, increased cooperation and much more. This will become increasingly noticeable in high risk environments that are often targeted by foreign attackers, such as critical infrastructures and operational technologies (OT). Securing the country’s infrastructure is more important than ever, and the authorities will set their priorities accordingly.”

Bernard Montel, EMEA Technical Director and Cybersecurity Strategist at Tenable: “The attacks on SolarWinds and Kaseya have increased concerns about the integrity of the software supply chain. Threat actors quickly realized that they could capitalize on the resulting domino effect. If a system is compromised, many more victims are at risk. It is to be feared that, to the extent that companies accelerate their innovation projects or migrate to the cloud in order to meet the requirements of hybrid working models, the dependencies on third-party providers (e.g. software-as-a-service) will continue to increase. Corresponding attacks will therefore also increase. Organizations need to be aware that reliance on third-party vendors, including those that offer security-as-a-service, can increase risk.

In an independent study carried out by Forrester Consulting on behalf of Tenable, 72 percent of respondents in Germany said that their company had experienced a cyber attack that resulted from the compromise of third-party software or vendors in the past 12 months. 20 percent of respondents said that they have limited or no insight into the work of third-party providers and partners.

There is consensus in the security community that attacks will increase again next year, as they do every year. It is therefore imperative for companies to take a risk-based approach and get a clear picture of the criticality of their assets and know where they are. Organizations need to understand their expanded attack surface and ensure that they have the same level of governance in the cloud as they would have on-premises. Managers should take the time to assess what and, perhaps more importantly, to whom they are delegating tasks and what security measures are in place. At the same time, when developing applications, companies should think about security before anything goes into production or is uploaded to the cloud.”
