Mainstream The Register 2 hours ago

All the passwords were stored in Active Directory description fields

It was far too easy for a hacker to get the information

Avram Piltch, US editor. Published Thu (UTC).

PWNED

Welcome back to PWNED, the weekly column where we talk about weak security policies and how to avoid them. Hopefully, we can learn from others’ mistakes – or at least have a good laugh at them. Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request.

This week, we have a tale of password passivity involving Active Directory. It comes to us courtesy of Rob Anderson, head of reactive consulting services at Reliance Cyber, a UK-based security firm. Anderson recalls in the past working with a firm that was creating service accounts that developers needed to use, but the org didn’t have a proper password vault for storing the associated credentials.

At that point, they captured a victim’s credentials, which led them to query Active Directory. Once in AD, the hackers found plenty of passwords, which came with full domain access. They used this access to delete all the backups and execute ransomware. In total, the crimes put 2000+ users out of action -V hypervisors and their hosts. The company was taken offline for months.

What we can learn from this sad story is that you can’t put passwords in cleartext anywhere that's easy to access, unless you want an enormous attack surface. Even without a phish, an untrustworthy colleague could have sold the passwords to a threat actor. After all, a recent survey found one in eight workers think selling company logins can be justified.

“I've seen it where configuration details are kept in application servers that are running, and threat actors are using fuzzing — trying likely file and directory names — which again exposes configuration and credentials to the threat actors,” Anderson said. He noted that developers are a bit more savvy these days about where they put their credentials, but security naivete sinks ships.
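For admins who want to check their own directory for the mistake in this story, here is an added audit sketch (not from the original article or from Reliance Cyber). It assumes an LDIF export of your directory, for example from ldifde or ldapsearch; the keyword pattern, the extra attributes checked, and all sample accounts and values are constructed for illustration.

```python
import base64
import re

# Heuristic (an assumption; tune it): credential keyword, then ':' or '=', then a value.
KEYWORD = re.compile(r"\b(pass(?:word|wd)?|pwd|secret|credentials?)\b\s*[:=]\s*\S+", re.I)
# description is the field from the story; info and comment are other free-text fields.
FREE_TEXT_ATTRS = ("description", "info", "comment")

def parse_ldif(text):
    """Yield one dict per entry, unfolding wrapped lines and decoding base64 values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if rest.startswith(":"):  # 'attr:: value' marks a base64-encoded value
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(rest.strip())
        yield entry

def audit_descriptions(ldif_text):
    """Return (account, attribute, keyword) per hit; the secret itself is not returned."""
    findings = []
    for entry in parse_ldif(ldif_text):
        name = (entry.get("samaccountname") or entry.get("dn") or ["?"])[0]
        for attr in FREE_TEXT_ATTRS:
            for value in entry.get(attr, []):
                if (match := KEYWORD.search(value)):
                    findings.append((name, attr, match.group(1).lower()))
    return findings

# Constructed sample export; every account and value here is made up.
_B64 = base64.b64encode(b"password: Constructed-Example-2").decode()
SAMPLE_LDIF = (
    "dn: CN=svc-build,OU=Svc,DC=example,DC=test\nsAMAccountName: svc-build\n"
    "description: Build agent. pwd=Constructed-Example-1\n\n"
    "dn: CN=svc-report,OU=Svc,DC=example,DC=test\nsAMAccountName: svc-report\n"
    f"description:: {_B64}\n\n"
    "dn: CN=svc-backup,OU=Svc,DC=example,DC=test\nsAMAccountName: svc-backup\n"
    "description: Nightly backup job, pass\n word = Constructed-Example-3\n\n"
    "dn: CN=svc-print,OU=Svc,DC=example,DC=test\nsAMAccountName: svc-print\n"
    "description: Print spooler service, owner: facilities\n"
)

if __name__ == "__main__":
    for account, attr, keyword in audit_descriptions(SAMPLE_LDIF):
        print(f"{account}: '{keyword}' value found in {attr}; rotate it and move it to a vault")
```

The second and third sample entries are the ones a plain line-by-line text search of the export would miss: one value is base64-encoded and the other is wrapped across two lines.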

Original story by The Register
