Have you ever heard of lateral movement? If not, it’s important to understand this concept and how it can impact your IT security. Lateral movement occurs when an attacker has compromised one device or system in a network and uses that compromise as a springboard to get into other devices or systems. For example, the MERCURY threat actor recently used lateral movement to spread ransomware throughout a target network.
The MERCURY attack started with the exploitation of the Log4j vulnerability, followed by establishing persistence and then slow lateral movement through the network. The attacker used group policy objects (GPOs) to interfere with security tools and then to distribute ransomware via the NETLOGON shares on Active Directory domain controllers. Once they were solidly established in the network, they followed two related plans of attack: one against on-premises resources and one against Azure.
Although Microsoft didn’t say so, it’s hard to escape the conclusion that there was no anti-malware scanning deployed inside the network, and that controls on GPOs (including auditing and monitoring) were relatively weak. To protect against similar attacks, it’s important to ensure that you have adequate protection for your domain controllers and GPOs, audit which accounts have global admin permission in your Microsoft 365 estate, and apply MFA to all privileged accounts. Monitoring for unusual activity on the Azure AD connector and AD DS connector accounts can also help protect your network.
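As an added illustration of the GPO and NETLOGON monitoring recommended above (example code, not from Microsoft or from this article's author), the sketch below reviews domain controller Security events exported as one JSON object per line. It assumes Directory Service Changes and Detailed File Share auditing are enabled so that events 5136 and 5145 are logged; the account names, the export format and the sample events are constructed for the example.

```python
import json

# Assumption: accounts approved to edit GPOs and publish to NETLOGON (hypothetical name).
APPROVED = {"gpo-admin"}
# AccessMask bits for WriteData/AddFile (0x2) and AppendData/AddSubdirectory (0x4).
WRITE_MASK = 0x2 | 0x4

# Constructed sample events (not real log data), one JSON object per line.
SAMPLE = r"""
{"EventID": 5136, "SubjectUserName": "gpo-admin", "ObjectClass": "groupPolicyContainer", "ObjectDN": "CN={CONSTRUCTED-GUID-1},CN=Policies,CN=System,DC=example,DC=test"}
{"EventID": 5136, "SubjectUserName": "svc-web", "ObjectClass": "groupPolicyContainer", "ObjectDN": "CN={CONSTRUCTED-GUID-2},CN=Policies,CN=System,DC=example,DC=test"}
{"EventID": 5145, "SubjectUserName": "jdoe", "ShareName": "\\\\*\\NETLOGON", "RelativeTargetName": "logon.bat", "AccessMask": "0x1"}
{"EventID": 5145, "SubjectUserName": "svc-web", "ShareName": "\\\\*\\NETLOGON", "RelativeTargetName": "update.exe", "AccessMask": "0x2"}
"""

def review(lines, approved=APPROVED):
    """Return (kind, account, object) for each change made by an unapproved account."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        user = ev.get("SubjectUserName", "").lower()
        if user in approved:
            continue  # change made by an account on the allowlist
        event_id = ev.get("EventID")
        # 5136: a directory service object was modified; keep only GPO containers.
        if event_id == 5136 and ev.get("ObjectClass") == "groupPolicyContainer":
            findings.append(("gpo-change", user, ev.get("ObjectDN")))
        # 5145: share access check; keep only write access to the NETLOGON share.
        elif event_id == 5145 and ev.get("ShareName", "").upper().endswith("NETLOGON"):
            if int(ev.get("AccessMask", "0x0"), 16) & WRITE_MASK:
                findings.append(("netlogon-write", user, ev.get("RelativeTargetName")))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE.splitlines()):
        print(finding)
```

Reads of NETLOGON by ordinary users are normal at logon, which is why only write access by accounts outside the allowlist is reported.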
At Aura Advanced Technologies, we offer top-notch IT services and solutions to help secure your IT environment. Don’t wait until it’s too late to protect your organization from lateral movement attacks. Contact us today to learn more about our IT services and solutions and how we can help safeguard your network.