The Threat Of Privilege Abuse In Active Directory
Cyber Defense Magazine, Thursday, September 25th, 2025
In early 2024, the BlackCat ransomware attack against Change Healthcare caused massive disruption across the U.S. healthcare sector. It later emerged that this major national incident was traced back to compromised credentials used to remotely access a Change Healthcare Citrix portal. Access to the portal wasn't secured with multi-factor authentication (MFA).
Using this access, the attackers moved laterally within Change Healthcare's systems to exfiltrate data and, eventually, deploy ransomware, with consequences that continue to impact millions of Americans.
The incident is one of many recent attacks highlighting Active Directory vulnerabilities, underlining why managing the threat of privilege abuse in Windows Active Directory (AD) is essential to securing today's networks.
Without the right protections, attackers can compromise any standard user account in AD and elevate privileges to gain far more powerful and dangerous access.