Why are Active Directories particularly vulnerable?
For an attacker, an Active Directory is a perfect place to hide from security teams and their standardized tools. Once inside the system, hackers use specialized tools to map the entire Active Directory environment. By doing so, they can identify valuable resources, systems and privileged user accounts to exploit.
Why are Active Directories popular points of attack?
Most organizations now use Active Directory as the standard tool for managing user and computer access to corporate resources. Every computer on the corporate network must be able to reach Active Directory for the environment to function properly. This makes a hacker's job much easier, since any compromised machine already has a path to Active Directory.
Why do hackers find Active Directory admin accounts so interesting?
Administrators usually have extended privileges: they can create and configure domains, retrieve data and access protected areas. By misusing existing credentials, such as those of an admin account, hackers can go undetected for a very long time, because their activity looks like legitimate administration.
What techniques and tools do hackers use to look for administrator accounts in an Active Directory?
Among other techniques, attackers use phishing and man-in-the-middle attacks. Tools such as BloodHound can be used to enumerate any Active Directory for administrator accounts.
How is an attacker redirected into the Deception environment?
When Cybertrap Active Directory Deception is active, the hacker receives fake credentials when scanning for admin accounts. As soon as these are used, the attacker automatically ends up in a perfect replica of the corporate network (the Deception environment), and the IT administrator in charge is notified.
Why doesn’t the attacker realize that he is getting false credentials?
The credentials the attacker receives are valid for actual systems running real operating systems and services, the so-called traps (decoys). He therefore cannot tell whether they are real or fake, because they do not differ in any way from genuine credentials.
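The defender-side half of the mechanism described above, as an added illustration that is not Cybertrap's code: decoy accounts are never used legitimately, so any Security event that names one, whether the attempt succeeded or failed, is an alert worth raising. The decoy account names and the key=value log lines are constructed for the example.

```python
import re

# Constructed decoy (honey) account names; a real deployment would take the
# list from the deception platform's configuration. Hypothetical values.
DECOY_ACCOUNTS = {"svc_backup_adm", "helpdesk_da"}

# Security events in which a credential use appears. Decoy accounts are never
# used legitimately, so success, failure and TGT requests all count as a hit.
WATCHED_EVENTS = {4624: "successful logon", 4625: "failed logon",
                  4768: "Kerberos TGT request"}

# Constructed Security log lines in a flattened key=value form (not real logs).
SAMPLE_LOG = """\
ts=2024-05-01T09:12:03Z EventID=4624 TargetUserName=jdoe IpAddress=10.0.1.15 WorkstationName=WS-0115
ts=2024-05-01T09:14:41Z EventID=4768 TargetUserName=SVC_BACKUP_ADM IpAddress=10.0.2.77 WorkstationName=-
ts=2024-05-01T09:14:42Z EventID=4625 TargetUserName=svc_backup_adm IpAddress=10.0.2.77 WorkstationName=WS-0277
ts=2024-05-01T09:15:10Z EventID=4624 TargetUserName=helpdesk_da IpAddress=10.0.2.77 WorkstationName=WS-0277
garbage line without fields
ts=2024-05-01T09:16:00Z EventID=4624 TargetUserName=asmith IpAddress=10.0.1.20 WorkstationName=WS-0120
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_event(line: str) -> dict:
    """One key=value log line -> dict of fields ({} for lines without fields)."""
    return dict(FIELD_RE.findall(line))

def detect_decoy_use(log_text: str, decoys=DECOY_ACCOUNTS) -> list[dict]:
    # Names are compared case-insensitively, as Active Directory does, so the
    # upper-cased name in the 4768 event still matches.
    lowered = {d.lower() for d in decoys}
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev.get("EventID", "").isdigit():
            continue  # malformed or non-event line
        event_id = int(ev["EventID"])
        account = ev.get("TargetUserName", "")
        if event_id in WATCHED_EVENTS and account.lower() in lowered:
            alerts.append({"ts": ev.get("ts", "?"), "event_id": event_id,
                           "account": account, "source_ip": ev.get("IpAddress", "?"),
                           "workstation": ev.get("WorkstationName", "?"),
                           "what": WATCHED_EVENTS[event_id]})
    return alerts

if __name__ == "__main__":
    for a in detect_decoy_use(SAMPLE_LOG):
        print(f"{a['ts']} DECOY CREDENTIAL USED: {a['account']} "
              f"({a['what']}, event {a['event_id']}) from {a['source_ip']}/{a['workstation']}")
```

Run against the sample, the three events from 10.0.2.77 produce alerts while the two genuine users produce none; the source IP and workstation in each alert are what an administrator needs to locate the compromised host.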