'Pass the Hash' attacks highlight need for improved privileged access management
Pass the Hash (PtH) attacks which use stolen hashed administrator credentials to breach security are a major risk to businesses.
A new report from One Identity, based on a survey of over 1,000 IT professionals carried out by Dimensional Research, finds 95 percent of respondents say that PtH attacks have a direct impact on their organizations.
In a typical PtH attack, an attacker obtains privileged credentials by compromising an end user's machine and simulates an IT problem so that a privileged account holder will log into an administrative system. Those login credentials are stored as a hash that the attacker extracts and uses to access additional IT resources across the organization. Potentially a cybercriminal leveraging a PtH technique can gain access to an entire network, rendering all other security safeguards ineffective. This highlights the need to protect privileged accounts and identify when privileged access is being abused.
A worrying aspect of the research is that 68 percent of IT security stakeholders don't know for certain whether they've experienced a PtH attack. In addition four percent don't even know what a PtH attack is.
Organizations are taking steps to guard against these attacks and 55 percent have implemented privileged password management via a password vault. 50 percent have implemented better controls over AD/Azure AD administrator access, and 32 percent have implemented advanced PAM practices such as session audit and analytics.
In addition 26 percent have followed Microsoft's guidance and implemented an Enhanced Security Administrative Environment (ESAE, also known as Red Forest). However, among the respondents that have not taken any steps to prevent PtH, 85 percent say they have no plans to do so.
"The results of our 2019 survey indicate that despite the fact that Pass the Hash attacks are having significant financial and operational impact on organizations, there is vast room for improvement in the steps organizations are taking to address them," says Darrell Long, vice president of Product Management at One Identity. "Without a holistic and strategic approach to protect privileged accounts and identify privileged access abuse, organizations could very well leave their entire network exposed to cybercriminals leveraging the PtH technique, with detrimental repercussions to the business."
You can find the full report on the One Identity site.