Story image

Businesses unsure if they’ve experienced Pass the Hash attacks – One Identity

14 Oct 2019
Twitter
Facebook

Identity and access manager solutions provider One Identity has released new global research revealing the significant prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as Pass the Hash (PtH) attacks, within businesses.

Among the survey’s is that 100% of Australian respondents say that PtH attacks, when they happen, have a direct business impact on their organisation.

Conducted by Dimensional Research, the survey of more than 1,000 IT professionals reinforces the need for organisations to deploy effective Active Directory (AD) management and privileged access management (PAM) solutions and practices, given that PtH attacks primarily result in unauthorised use of privileged credentials to compromise enterprise systems and data.

In a typical PtH attack, an attacker obtains privileged credentials by compromising an end-user’s machine and simulates an IT problem so that a privileged account holder will log into an administrative system.

Those login credentials are stored as a hash that the attacker extracts and uses to access additional IT resources across the organisation.

Without a holistic and strategic approach to protect privileged accounts and identify when privileged access is being abused, a cybercriminal leveraging a PtH technique can gain access to an entire network, rendering all other security safeguards ineffective.

According to One Identity’s survey, IT security stakeholders recognise the damage PtH attacks can cause, however, many are still not implementing the most important measures available to fight them. Additional findings from the report include:

PtH incidents, when they happen, have a widespread, direct impact on Australian businesses.

  • 35% say a PtH incident has a direct financial impact, such as lost revenue and fines.
  • 65% report a direct impact on operational costs.
  • 82% say these attacks distract staff from other projects, a rate 21% higher than the global average

Ignorance of PtH attacks is worryingly prevalent for the majority of Australian organisations.

  • 76% percent of Australian IT security stakeholders do not know for certain whether they’ve experienced a PtH attack.
  • Four percent of IT security stakeholders in Australia do not even know what a PtH attack is.

The vast majority (88%) of Australian respondents say they are already taking steps to prevent PtH attacks

  • 58% have implemented privileged password management (a password vault).
  • 42% percent have implemented better controls over AD/Azure AD administrator access.
  • 27% have implemented advanced PAM practices such as session audit and analytics.
  • 25% have followed Microsoft’s guidance and implemented an Enhanced Security Administrative Environment (ESAE, also known as Red Forest).
  • On a global level, among the respondents that have not taken any steps to prevent PtH, 85% have no plans to do so.

“The results of our 2019 survey indicate that despite the fact that Pass the Hash attacks are having a significant financial and operational impact on organisations, there is room for improvement in the steps organisations are taking to address them,” says One Identity product management vice president Darrell Long.

“Without a holistic and strategic approach to protect privileged accounts and identify privileged access abuse, organisations could very well leave their entire network exposed to cybercriminals leveraging the PtH technique, with detrimental repercussions to the business.

Long adds, “Australian businesses need to be vigilant in the face of the growing threat of Pass the Hash attacks given the significant effect they are having on companies’ bottom-lines and day-to-day operations. While Australian businesses are taking steps to protect themselves, it’s worrying that the vast majority can’t definitively state if they have been a victim of such an attack.

“Such was evident in the recent case where hackers accessed private student information from one of Australia’s major university networks in a manner that was described by the University as a state-of-the-art hack, carried out by an actor at the very top of their game and at the very cutting edge.”