How seriously do you take a Pass the Hash attack on your organization? First, do you know what a Pass the Hash (PtH) attack is? If you don’t, you’re joined by four percent of respondents (IT security professionals) to our global survey, which explored the prevalence of – and attitudes toward – the PtH threat. A little concerning, but this empirical tidbit does partially speak to the current level of awareness of and steps taken to address this threat, which targets privileged accounts in an Active Directory environment. Our survey, conducted by Dimensional Research in July 2019, collected responses from 1,005 IT professionals from around the world.
To refresh: in a PtH attack, a bad actor obtains privileged credentials by compromising an end user’s machine and then simulates an IT problem that will require a privileged user to log into the machine. The admin’s privileged credentials are stored as a hash (which is a password transformed into a string of mathematically created characters) that can then be extracted by the attacker and used to access elevated IT resources across the organization. This allows the bad actor to steal an organization’s most sensitive data and cause widespread damage.
Recently, we published the results of our global survey 2019: Privileged Access and the Impact of Pass the Hash Attacks. Available as an executive summary or with graphically depicted key data findings, you can see how your organization’s security stance compares to other organizations around the world. Both documents provide illuminating survey data that highlights the awareness level of the threat, its potential impact on business operations and what mitigation steps organizations have taken to reduce the likelihood of a PtH attack.
You can see more survey results in the exec summary or the findings report available via the links below, but here are a few highlights.
- Pass the Hash incidents have a widespread, direct impact on businesses
- A large majority (87%) of respondents say they are already taking steps to prevent PtH attacks, but some lack of attention to address the issue persists
- Larger companies feel they are more likely to be targeted by PtH attacks and are most likely to take steps to address the issue
- Organizations are generally unsure if they have experienced a security incident due to Pass the Hash.
The good news: There is a way to sleep at night knowing the threat that Pass the Hash represents. Effective AD and privileged access management (PAM) procedures and policies are critical components to any organizations’ security strategy. More recommendations and the rest of the data are available via the links below.