Red Flag Alert: Service Accounts Performing Interactive Logins

Active Directory Black Hat Credential Compromise Insider Threat Lateral Movement Passwords Privileged Accounts Stealthy Admin

In the world of account security, we often focus on end user accounts as the weak vector vulnerable to attackers. 

On the contrary, we at Preempt see something that happens just as frequently: failing to limit exposed and vulnerable service accounts. Service accounts often differ from end user accounts in that they usually have higher privileges that are used to control or call applications and services. As a result, looking for key indicators of compromise of your service accounts should be at the forefront of your network security strategy.