Hackers have quickly realized that the easiest and most effective way to spread ransomware across “all” corporate networks is to find and use compromised GPOs. When you also consider that GPOs are contained within Active Directory, which is itself the #1 ransomware and lateral movement environment (think about it: it’s over 20 years old, connected to everything, has more places to hide than anywhere else, and most organizations suffer from an Active Directory expertise shortage), you start to understand the mouth-watering proposition that compromised GPOs present to bad actors.
Additionally, compromising an organization's GPOs is one of the most effective ways to cripple enterprise defenses and steal data and assets, all while having optimal visibility of useful accounts and privileges to hijack within an enterprise. In fact, by using GPOs, anyone can gain complete control over the entire enterprise domain-controlled infrastructure, including servers, clients, file shares, printers, applications and many other devices.