Change Healthcare attack - commentary from Active Directory expert
February 2024 by Dmitry Sotnikov, Chief Product Officer at Cayosoft
On the Change Healthcare ransomware attack, some perspective on the likely
target of the compromise from Dmitry Sotnikov, Chief Product Officer
at Cayosoft, which provides Active Directory management and instant
recovery solutions:
"Although the details of the Change Healthcare attack are still
emerging, the widespread nature of its consequences, i.e., the company
not being able to conduct its business, makes us assume that the very
foundation of all systems — corporate directory services — has fallen
victim to the attack. When this happens, users cannot log in and get
access to all directory-enabled applications, and thus, nothing works.
In 90% of sizable companies today, this corporate directory is Microsoft
Active Directory (AD) that, in many cases, is then replicated to its
cloud version, Entra ID. Hackers attack AD because it allows them to
discover corporate resources and spread their attack laterally, and
because of the impact of such an attack. Protecting AD is thus crucial
in keeping corporate IT functioning. Bringing AD back and ensuring that
it is clean is the first step in bringing back the whole of corporate
IT."