On the 9th, LG CNS announced that it will release an in-depth 'Security Vulnerability Analysis Report' based on big data.
In the report, LG CNS's 'Purple Lab' classified 10 representative Active Directory (AD) attack techniques by referencing threat intelligence big data, which is information collected, analyzed, and used to respond to global cyber threats.
LG CNS ran simulation exercises in which the blue team patched systems based on vulnerabilities identified by the red team (a team that finds weaknesses within the organization, raises issues, and resolves them) and detected other potential vulnerabilities. It included 10 scenarios and security countermeasures in the report.
LG CNS addressed AD vulnerabilities targeted by hackers. AD is a service used by numerous companies worldwide to efficiently manage infrastructure and members. Companies use AD to centrally manage the user accounts and permissions of internal members. If a hacker takes control of AD, they can easily steal internal confidential data by hijacking company members' accounts. Hackers can also use AD information to infiltrate various company systems, implant viruses, and disrupt systems. Because attacks on AD can cause critical damage to companies, securing it is highly important.
The major AD attack techniques identified by LG CNS comprise 10 methods, including Kerberoasting, DCSync, MonikerLink vulnerability, Pass-the-Hash, and Golden Ticket attacks.
The Kerberoasting attack targets tickets (permissions) issued to users to use services such as shared folders and databases within the AD network, aiming to obtain passwords of vulnerable accounts. Tickets are created by combining user account passwords.
To defend against this attack, it is necessary to use complex passwords of at least 8 characters including uppercase letters and special characters, change passwords periodically at least every 90 days, and continuously monitor password vulnerabilities.
In a DCSync attack, hackers act as if they hold the same privileges as the domain controller, issuing synchronization requests in an attempt to access sensitive company information.
The domain controller, a server that responds to security authentication requests within the Windows server domain, synchronizes changes such as user credential updates and thus has domain replication privileges. This makes it a target for hackers. When hackers perform a DCSync attack, they impersonate the domain controller to replicate sensitive company information and obtain account information of all domain users. To detect traces of hacker attacks and defend against subsequent attacks, security experts must review the principal account, object server, and event log attributes.
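The review described above can be sketched as a filter over Windows Security event 4662 (directory object access), checking the principal account, the object server, and the replication rights listed in the event's properties. This is an added example, not code from the LG CNS report; the sample events, account names, and the allowlist of domain controller accounts are constructed assumptions.

```python
import re

# Control-access right GUIDs for directory replication, as they appear in the
# Properties field of Security event 4662.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")

def replication_rights(properties):
    """Return the replication rights named in a 4662 Properties string."""
    guids = {g.lower() for g in GUID_RE.findall(properties)}
    return sorted(REPLICATION_RIGHTS[g] for g in guids if g in REPLICATION_RIGHTS)

def find_dcsync_candidates(events, dc_accounts):
    """Flag 4662 events where a principal that is not a known DC used replication rights."""
    allowed = {a.lower() for a in dc_accounts}  # assumption: maintained allowlist
    hits = []
    for ev in events:
        # Object server "DS" means the access was to the directory service itself.
        if ev.get("EventID") != 4662 or ev.get("ObjectServer") != "DS":
            continue
        rights = replication_rights(ev.get("Properties", ""))
        if not rights:
            continue
        account = ev.get("SubjectUserName", "")
        if account.lower() in allowed:
            continue  # expected DC-to-DC replication
        hits.append({"time": ev.get("TimeCreated"), "account": account, "rights": rights})
    return hits

# Constructed sample events (not taken from any real environment).
SAMPLE_EVENTS = [
    {"EventID": 4662, "TimeCreated": "2024-01-01T02:00:00Z", "SubjectUserName": "DC01$",
     "ObjectServer": "DS", "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "TimeCreated": "2024-01-01T02:05:10Z", "SubjectUserName": "j.kim",
     "ObjectServer": "DS",
     "Properties": "{1131F6AA-9C07-11D1-F79F-00C04FC2DCD2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "TimeCreated": "2024-01-01T02:06:00Z", "SubjectUserName": "helpdesk",
     "ObjectServer": "DS", "Properties": "{00000000-0000-0000-0000-000000000000}"},
    {"EventID": 4624, "TimeCreated": "2024-01-01T02:07:00Z", "SubjectUserName": "j.kim"},
]

if __name__ == "__main__":
    for hit in find_dcsync_candidates(SAMPLE_EVENTS, {"DC01$", "DC02$"}):
        print(hit)
```

Any service account that legitimately holds replication rights would need to be added to the allowlist, or it will be flagged as well.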
LG CNS plans to introduce the Security Vulnerability Analysis Report and discuss how to establish AD security enhancement strategies through a webinar scheduled for the 26th.
Baemin, Executive Director of LG CNS Security & Solution Business Division, emphasized, "The trend is that hackers are shifting their attack targets to internal networks such as AD," adding, "LG CNS provides differentiated cybersecurity strategies to corporate clients through AD security vulnerability diagnosis consulting and penetration testing services."
Meanwhile, LG CNS Purple Lab was newly established this year with the purpose of integrating in-depth analysis of hacking attacks and defense strategies to elevate security levels. Purple Lab is composed of existing red team and blue team members. The red team performs simulated hacking and attacks on systems, while the blue team, operating the Smart Security Control Center 24/7 throughout the year, is responsible for defense.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.


