The National Security Agency and the Cybersecurity and Infrastructure Security Agency have collaborated with counterparts in Australia, Canada, New Zealand and the United Kingdom in developing a cybersecurity technical report and guidance to mitigate the Microsoft Active Directory platform’s vulnerabilities to cyber-attacks.
The guidebook, titled “Detecting and Mitigating Active Directory Compromises,” provides strategies to prevent and detect the most common techniques for malicious AD access, NSA said Thursday.
The 80-page report lists and describes the 17 techniques malicious actors commonly use to target AD, as well as recommends mitigation strategies against the cyber threats.
One of the cyberattack tactics that the report identified involves password spraying, which seeks authentication through a single or multiple passwords deployed on AD targets. As one security control to help deter password spraying, the guidance suggests long passwords with a minimum of 30 characters for local administrator and service accounts.
Microsoft launched AD in 1999 and became the most popular authentication and authorization platform in enterprise information technology networks worldwide.
Dave Luber, NSA cybersecurity director, noted that many networks of the Department of Defense and the defense industrial base rely on AD and are attractive cyberattack targets.
“Taking steps to properly defend AD from these common and advanced techniques will detect and prevent adversary activities and protect sensitive data from determined malicious cyber actors,” he said.
The NSA recently published a cybersecurity advisory, in coordination with the FBI, the U.S. Cyber Command’s Cyber National Mission Force and international allies, to alert on China-linked threat actors who hacked into internet-connected devices to create a botnet and execute malicious online activity.
