Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

This month, the Semperis Research Team highlights a CISA warning about May Windows updates, Conti cyberattacks on the Costa Rican government, and a credential stuffing attack that compromised GM car owners’ data.

CISA warns against installing May Windows updates on domain controllers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advised agencies not to install patches for two elevations of privilege vulnerabilities in Kerberos and Active Directory Domain Services because they will cause authentication problems when deployed on Windows Server domain controllers.

Read more

Costa Rican president declares national emergency following Conti cyberattacks

The newly elected Costa Rican President Rodrigo Chaves declared a national emergency following cyberattacks executed by the Conti ransomware group that targeted multiple government entities. Conti’s tactics include compromising Active Directory domain credentials.

Read more

Verizon DBIR reveals that stolen credentials led to nearly 50% of attacks

The Verizon 2022 Data Breach Investigations Report (DBIR) found that nearly 50% of cyberattacks last year were caused by malicious actors using stolen credentials, which can then be leveraged to achieve domain dominance.

Read more

Threat actors compromise GM car owners’ data in credential stuffing attack

U.S. auto manufacturer General Motors (GM) reported that threat actors launched a credential stuffing attack that compromised GM car owners’ data by targeting GM’s online bills management and rewards platform.

Read more

More resources

Revisiting the Colonial Pipeline Cyberattack, One Year Later | Semperis
Combatting a BlackCat Ransomware Active Directory Attack | Semperis
3 Steps to Help Protect Active Directory from Cyberattacks | Semperis

The post Identity Attack Watch: May 2022 appeared first on Semperis.