Specops Analysis: Marks & Spencer Hack – Active Directory & Service Desk Security Lessons
The significant cyberattack on British retailer Marks & Spencer highlights the growing impact of sophisticated ransomware attacks on major corporations – as well as the ongoing need for strong Active Directory security.
Specops Software has analyzed the attack in an updated post, "M&S ransomware hack: Active Directory & Service Desk security lessons."
The first critical lesson is that Active Directory (AD) environments must be treated as crown jewels and defended accordingly. An attacker obtaining the NTDS.dit file is obviously a serious breach, but if your passwords are strong (long, not built on common base words, and not already exposed in breaches), it can still be quite expensive for the attacker to brute-force those hashes and learn the users' actual passwords. There also needs to be a focus on detecting and containing lateral movement in the event of a breach. Implementing certain measures will harden Active Directory environments against both offline hash cracking and the misuse of elevated credentials, two of the primary enablers of the M&S attack.
To view the full Specops Software analysis, please see the report "M&S ransomware hack: Active Directory & Service Desk lessons," which includes a summary of the attack, how it happened, who Scattered Spider is, and what can be learned from the attack.
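The three password properties named above (long, no common base words, not previously breached) can be checked mechanically, alongside a rough bound on brute-force cost. The following is an added example, not code from Specops or the original post; the 15-character minimum, the word list, the breached list and all function names are constructed assumptions.

```python
import hashlib
import math
import string

# All values below are constructed for illustration (assumptions, not from the article).
MIN_LENGTH = 15
COMMON_BASE_WORDS = {"password", "welcome", "summer", "qwerty"}
# Breached list held as SHA-1 digests so plaintext is not stored after load.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("correct horse battery staple", "Liverpool-Anfield-1892")}

# Undo common character substitutions so "P@ssw0rd" normalizes to "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def contains_base_word(candidate: str) -> bool:
    """True if a common base word survives inside the normalized candidate."""
    normalized = candidate.lower().translate(LEET)
    return any(word in normalized for word in COMMON_BASE_WORDS)


def search_space_bits(candidate: str) -> float:
    """Upper bound on pure brute-force work: length * log2(character set size).

    Dictionary and breached-list attacks ignore this bound, which is why the
    base-word and breached checks in audit() are separate criteria.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    size = sum(len(c) for c in classes if any(ch in c for ch in candidate))
    if any(ch not in string.ascii_letters + string.digits for ch in candidate):
        size += 33  # printable ASCII symbols, including space
    return len(candidate) * math.log2(size) if size else 0.0


def audit(candidate: str) -> list[str]:
    """Return the criteria the candidate fails; an empty list means it passes all three."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("too_short")
    if contains_base_word(candidate):
        failures.append("common_base_word")
    if hashlib.sha1(candidate.encode()).hexdigest() in BREACHED_SHA1:
        failures.append("breached")
    return failures
```

A long passphrase can pass the length check and still fail as breached, so each criterion is reported separately rather than folded into one score.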
This entry was posted on May 7, 2025 at 3:27 pm and is filed under Commentary with tags Specops.