IcedID malware attack: comment
January 2023 by Sean Deuby, Director of Services, Semperis
Following reports of the IcedID malware attack, in which the attackers used Active Directory (AD) to gain access to organisations’ networks, Sean Deuby, Director of Services at Semperis, commented on the reported attack:
“Threat actors gain initial access to organizations via a variety of methods. Ultimately, though, almost all attackers go through Active Directory—either as a path to gain access to their objectives or to cripple AD and thus cripple the organization. Gartner has created a new cybersecurity category, Identity Threat Detection and Response (ITDR), to address the need to protect identity systems like AD, which form the basis of Zero Trust security architectures.
Threat actors who infiltrate AD can quickly begin making changes for privilege escalation or persistence. For example, attackers using IcedID malware reportedly were able to compromise an AD domain less than 24 hours after initial AD access.
An ITDR solution that monitors and automatically rolls back suspicious or unauthorized changes in AD can slow down such attacks and alert defenders to take action. Such automation, along with dedicated AD backups and recovery tools, is a vital part of a responsive and effective cyber defense plan.”
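To make the "monitor and roll back unauthorized AD changes" idea concrete, here is an added example written for this page; it is not Semperis code and not how any ITDR product is implemented. It snapshots the membership of a few privileged groups into a baseline file, diffs the live directory against that baseline, warns on any drift, and optionally removes members that were added without the baseline being updated. The baseline path, the group list and the function names are assumptions; the script needs the RSAT ActiveDirectory module and an account permitted to read and modify those groups.

```powershell
# Added example, not Semperis or product code. Requires the ActiveDirectory
# module (RSAT) and rights to read/modify the listed groups.
Import-Module ActiveDirectory

# Assumptions for this illustration: which groups count as privileged and
# where the signed-off baseline lives.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')
$BaselinePath     = 'C:\ITDR\privileged-groups-baseline.json'

function Get-PrivilegedMembership {
    # Returns a hashtable: group name -> sorted array of member distinguishedNames.
    # Direct members only; nested groups show up as a DN and are diffed like any other member.
    $snapshot = @{}
    foreach ($group in $PrivilegedGroups) {
        $members = Get-ADGroupMember -Identity $group |
                   Select-Object -ExpandProperty distinguishedName |
                   Sort-Object
        $snapshot[$group] = @($members)
    }
    return $snapshot
}

function Save-PrivilegedBaseline {
    # Run this only after a human has reviewed the current membership;
    # whatever is saved here becomes the "authorized" state.
    Get-PrivilegedMembership | ConvertTo-Json -Depth 4 | Set-Content -Path $BaselinePath
}

function Invoke-PrivilegedGroupCheck {
    # Compares live membership with the baseline. Without -RollBack it only
    # warns; with -RollBack it removes members that are not in the baseline.
    param([switch]$RollBack)

    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $current  = Get-PrivilegedMembership
    $findings = @()

    foreach ($group in $PrivilegedGroups) {
        $expected = @($baseline.$group)
        $actual   = @($current[$group])

        # Additions are the privilege-escalation / persistence signal.
        $added   = $actual   | Where-Object { $_ -notin $expected }
        # Removals can indicate an attacker locking defenders out ahead of a ransomware run.
        $removed = $expected | Where-Object { $_ -notin $actual }

        foreach ($dn in $added) {
            Write-Warning "Unauthorized addition to '$group': $dn"
            $findings += [pscustomobject]@{ Group = $group; Change = 'Added'; Member = $dn }
            if ($RollBack) {
                Remove-ADGroupMember -Identity $group -Members $dn -Confirm:$false
                Write-Warning "Rolled back: removed $dn from '$group'"
            }
        }
        foreach ($dn in $removed) {
            Write-Warning "Member missing from '$group': $dn"
            $findings += [pscustomobject]@{ Group = $group; Change = 'Removed'; Member = $dn }
        }
    }
    return $findings
}

# Typical use: Save-PrivilegedBaseline once after review, then schedule
# Invoke-PrivilegedGroupCheck every few minutes and feed its output to the SIEM.
# Invoke-PrivilegedGroupCheck -RollBack
```

Two caveats a practitioner would want. First, automatic rollback is a double-edged control: a legitimate change made outside the baseline process is reverted too, so the baseline must be updated as part of any approved change and the rollback should be paired with an alert rather than run silently. Second, a membership diff only catches one class of change; real ITDR tooling also watches ACL and GPO edits, SID history, AdminSDHolder and similar persistence points, which this script does not cover.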