sb-au logo
Story image

Businesses unsure if they’ve experienced Pass the Hash attacks – One Identity

14 Oct 2019

Identity and access manager solutions provider One Identity has released new global research revealing the significant prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as Pass the Hash (PtH) attacks, within businesses.

Among the survey’s is that 100% of Australian respondents say that PtH attacks, when they happen, have a direct business impact on their organisation.

Conducted by Dimensional Research, the survey of more than 1,000 IT professionals reinforces the need for organisations to deploy effective Active Directory (AD) management and privileged access management (PAM) solutions and practices, given that PtH attacks primarily result in unauthorised use of privileged credentials to compromise enterprise systems and data.

In a typical PtH attack, an attacker obtains privileged credentials by compromising an end-user’s machine and simulates an IT problem so that a privileged account holder will log into an administrative system.

Those login credentials are stored as a hash that the attacker extracts and uses to access additional IT resources across the organisation.

Without a holistic and strategic approach to protect privileged accounts and identify when privileged access is being abused, a cybercriminal leveraging a PtH technique can gain access to an entire network, rendering all other security safeguards ineffective.

According to One Identity’s survey, IT security stakeholders recognise the damage PtH attacks can cause, however, many are still not implementing the most important measures available to fight them. Additional findings from the report include:

PtH incidents, when they happen, have a widespread, direct impact on Australian businesses.

  • 35% say a PtH incident has a direct financial impact, such as lost revenue and fines.
  • 65% report a direct impact on operational costs.
  • 82% say these attacks distract staff from other projects, a rate 21% higher than the global average

Ignorance of PtH attacks is worryingly prevalent for the majority of Australian organisations.

  • 76% percent of Australian IT security stakeholders do not know for certain whether they’ve experienced a PtH attack.
  • Four percent of IT security stakeholders in Australia do not even know what a PtH attack is.

The vast majority (88%) of Australian respondents say they are already taking steps to prevent PtH attacks

  • 58% have implemented privileged password management (a password vault).
  • 42% percent have implemented better controls over AD/Azure AD administrator access.
  • 27% have implemented advanced PAM practices such as session audit and analytics.
  • 25% have followed Microsoft’s guidance and implemented an Enhanced Security Administrative Environment (ESAE, also known as Red Forest).
  • On a global level, among the respondents that have not taken any steps to prevent PtH, 85% have no plans to do so.

“The results of our 2019 survey indicate that despite the fact that Pass the Hash attacks are having a significant financial and operational impact on organisations, there is room for improvement in the steps organisations are taking to address them,” says One Identity product management vice president Darrell Long.

“Without a holistic and strategic approach to protect privileged accounts and identify privileged access abuse, organisations could very well leave their entire network exposed to cybercriminals leveraging the PtH technique, with detrimental repercussions to the business.

Long adds, “Australian businesses need to be vigilant in the face of the growing threat of Pass the Hash attacks given the significant effect they are having on companies’ bottom-lines and day-to-day operations. While Australian businesses are taking steps to protect themselves, it’s worrying that the vast majority can’t definitively state if they have been a victim of such an attack.

“Such was evident in the recent case where hackers accessed private student information from one of Australia’s major university networks in a manner that was described by the University as a state-of-the-art hack, carried out by an actor at the very top of their game and at the very cutting edge.”

Story image
Interview: Barracuda decision-makers discuss public cloud security
Last month, Barracuda released a report outlining the security barriers organisations must overcome to adopt the public cloud, as studies reveal that security was the top concern for such organisations.More
Story image
It’s time for firms' cybersecurity credentials to take centre stage
leading enterprise database was also used to identify whether each company had a chief information security officer (CISO) or a chief security officer (CSO). The results proved extremely interesting…More
Link image
COVID-19: The tools ensuring security for remote working
Cyber threats are multiplying during the pandemic, and remote workers are at a heightened risk of cyber attack. Here are the security solutions to defend against the wave of virus-related threats.More
Story image
Acronis appoints new APAC General Manager and launches Partners Programme
One of Morarji’s first objectives has been to launch the new Acronis Partner Programmes in APAC, in which the Acronis team will help channel partners and managed service providers (MSPs) expand their portfolios and deliver fast ROI.More
Story image
Securing remote workforces at scale
When employees aren’t used to working from home, their home networks generally aren’t secured to a corporate standard. This creates vulnerabilities that cybercriminals can leverage. More
Story image
Interview: RSA explains security in the epoch of IT disruption
We discussed cybersecurity in terms of how it fits into business continuity, as well as the threat landscape, and what RSA is currently doing to assist businesses that need protection.More