The cybersecurity threats that companies face keep growing. According to the latest report from the Spanish National Cybersecurity Institute (INCIBE), published in February, 122,223 incidents were handled during 2025, 26% more than in the previous period.

These attacks are also more sophisticated, in part thanks to the use of technologies such as AI, and they are aimed at critical assets within the technological infrastructure of organizations, such as Active Directory (AD), whose role as the orchestrator of permissions and identities has made it a strategic target for cybercriminals.

Active Directory is a hierarchical directory service developed by Microsoft for Windows domain networks. Its main function is to allow administrators to centrally manage permissions and access to network resources. At its core, AD stores key information about users, systems, applications and services, and mediates the interaction between these components through its authentication and authorization protocols. Protecting this central piece of the organization's management is fundamental: if AD is not secure, the entire organization is compromised. nettaro, a Spanish consulting firm specialized in cybersecurity and observability, already works with public and private organizations from all sectors on the implementation of solutions such as Sailpoint or Semperis, adapted to each case, for the security and monitoring that keeps Active Directory reliable.

Increasingly sophisticated attacks

The importance of protecting Active Directory is vital: according to data from Semperis, one of nettaro's partners, nine out of ten attacks currently aim to take advantage of AD weaknesses. Its appeal lies in the fact that compromising its components can grant the attacker almost total control of the company. Among these components, some of the most relevant are the Domain Controllers (DCs), responsible for processing authentication requests and verifying user credentials; an intruder who controls a DC controls the entire IT environment. Then there is the Kerberos protocol, the AD authentication standard, whose function is to protect credentials by using encrypted tickets instead of transmitting passwords over the network. However, there are already advanced attacks that manipulate these tickets, for instance by extracting and replaying them, or by forging them once the key that signs them has been stolen.

Additionally, in modern architectures, where organizations operate a hybrid model in which traditional Active Directory has to be synchronized with cloud-based identity services such as Microsoft Entra ID, a broader attack surface is created, because digital identities are no longer confined to the corporate data center. Despite this, data from the “Identity Security Horizons 2025” report from nettaro partner Sailpoint reveals that 63% of organizations are still in the earliest stages of identity maturity, relying on manual provisioning processes, fragmented tools and static controls. nettaro's team of experts provides companies with security solutions tailored to their infrastructure, so that the hybrid setup operates seamlessly without compromising Active Directory.

Ransomware is one of the main routes to Active Directory compromise. The Semperis 2025 Ransomware Risk Report reveals that 83% of successful ransomware attacks compromised identity infrastructure. Despite this, many organizations lack a proven recovery plan and AD-specific backup capabilities. This is critical, because Active Directory recovery is complex and sometimes slow: 76% of ransomware victims needed more than a day, and 18% needed up to a month, to return to full normal operations.

Restoring the entire identity environment

Faced with this scenario, it is key for organizations to work with companies like nettaro, which help implement a security plan to minimize the impact of an attack on Active Directory and to recover from it, with concrete steps that restore control and reduce the interruption of operations. First, detection and containment: identify suspicious accesses so that they can be isolated as soon as possible. If an intrusion has occurred, perform a damage analysis to verify which accounts or services may have been compromised, and eliminate that unauthorized access.
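As an added example that is not part of the original article and is not nettaro's or Semperis' code, the following PowerShell script carries out the detection, containment and damage-analysis steps described above against a single AD domain. It assumes the RSAT ActiveDirectory module, rights to read replication metadata, and rights to read the Security log on each domain controller; the group list, the 14-day window and the account name `svc-backup` are assumptions chosen for illustration.

```powershell
# Added example, not code from nettaro or Semperis: a first pass at the
# "identify, contain, analyse damage" steps above, against a single AD domain.
# Assumes the RSAT ActiveDirectory module, rights to read replication metadata,
# and rights to read the Security log on every domain controller.
Import-Module ActiveDirectory

# Tier-0 groups an intruder has to touch to gain durable control of the domain.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')

function Get-PrivilegedGroupChanges {
    # Damage analysis from replication metadata: which principals were added to
    # (or removed from) the privileged groups since $Since. The metadata lives in
    # the directory itself, so it survives an attacker clearing the Security log.
    param(
        [datetime]$Since  = (Get-Date).AddDays(-14),
        [string]  $Server = (Get-ADDomain).PDCEmulator
    )
    foreach ($name in $PrivilegedGroups) {
        $group = Get-ADGroup -Identity $name -Server $Server
        Get-ADReplicationAttributeMetadata -Object $group.DistinguishedName -Server $Server -ShowAllLinkedValues |
            Where-Object { $_.AttributeName -eq 'member' -and $_.LastOriginatingChangeTime -ge $Since } |
            ForEach-Object {
                [pscustomobject]@{
                    Group     = $name
                    MemberDN  = $_.AttributeValue
                    ChangedAt = $_.LastOriginatingChangeTime
                    RemovedAt = $_.LastOriginatingDeleteTime   # populated only if the link was later removed
                    ChangedOn = $_.LastOriginatingChangeDirectoryServerIdentity
                }
            }
    }
}

function Get-GroupChangeEvents {
    # Corroborate with Security events 4728/4732/4756 (member added to a
    # global/local/universal security group) from every DC, to learn which
    # account made the change. That actor account is itself a suspect.
    param([datetime]$Since = (Get-Date).AddDays(-14))
    foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
        try {
            Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
                LogName = 'Security'; Id = 4728, 4732, 4756; StartTime = $Since
            } | ForEach-Object {
                $data = @{}
                foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    DC      = $dc
                    EventId = $_.Id
                    Group   = $data['TargetUserName']
                    Member  = $data['MemberName']
                    Actor   = $data['SubjectUserName']
                }
            }
        } catch {
            # Get-WinEvent throws when no matching events exist; report and move on.
            Write-Warning "$dc : $($_.Exception.Message)"
        }
    }
}

function Invoke-AccountContainment {
    # Containment: remove the account from the privileged groups, rotate its
    # password so stolen credentials and newly requested tickets stop working,
    # then disable it. Dry-run unless -Enforce is given, so it is safe during triage.
    param(
        [Parameter(Mandatory)][string[]]$SamAccountName,
        [switch]$Enforce
    )
    foreach ($sam in $SamAccountName) {
        if (-not $Enforce) { Write-Host "[dry-run] would contain $sam"; continue }
        foreach ($g in $PrivilegedGroups) {
            Remove-ADGroupMember -Identity $g -Members $sam -Confirm:$false -ErrorAction SilentlyContinue
        }
        $bytes = New-Object byte[] 24
        [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
        $newPw = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
        Set-ADAccountPassword -Identity $sam -Reset -NewPassword $newPw
        Disable-ADAccount -Identity $sam
        Write-Host "contained $sam"
    }
    # Caveat: a Kerberos TGT already in the attacker's hands stays valid until it
    # expires, and a ticket forged with the stolen krbtgt key survives any
    # per-account reset. Closing that requires resetting the krbtgt password
    # twice with a full replication cycle between the resets; it is deliberately
    # not automated here.
}

# Triage run (read-only). 'svc-backup' is a hypothetical account name.
Get-PrivilegedGroupChanges | Format-Table -AutoSize
Get-GroupChangeEvents      | Format-Table -AutoSize
Invoke-AccountContainment -SamAccountName 'svc-backup'            # dry run
# Invoke-AccountContainment -SamAccountName 'svc-backup' -Enforce  # after review
```

The two read-only functions are deliberately independent sources: replication metadata records what changed in the directory even when logs have been wiped, while the Security events record which account made the change. Containment only runs with `-Enforce`, so the script can be executed repeatedly during triage without altering anything.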

In turn, the system must be restored, but in the context of today's cyberattacks traditional backups often contain the same malware that caused the incident, or the persistence the intruder planted in the directory. To avoid restoring the compromise along with the data, nettaro employs technologies such as Semperis' “cyber-priority” AD Forest Recovery (ADFR), which automates the restoration of the entire identity environment to a clean, known state. The restore point must predate the intrusion, and credentials that may have been stolen, the krbtgt account included, still need to be rotated after the restore.

In a context where hybrid work, the cloud and digitalization are the standard and have reshaped the corporate network, identity has become the key security perimeter. The protection of Active Directory, the control point for the entire company, is therefore essential to guarantee the resilience of organizations.