Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Microsoft Issues New Advice on Defending Against Pass-the-Hash Attacks

Microsoft on Tuesday released new guidance to help customers defend against credential theft stemming from Pass-the-Hash (PtH) attacks.

Microsoft on Tuesday released new guidance to help customers defend against credential theft stemming from Pass-the-Hash (PtH) attacks.

In a new white paper called Mitigating Pass-the-Hash and Other Credential Theft, version 2, Microsoft encourages IT professionals to “assume breach” to highlight the need for the use of holistic planning strategies and features in Microsoft Windows to become more resilient against credential theft attacks.

Microsoft describes Pass-the-Hash attacks as a technique in which an attacker captures account logon credentials on one computer and then uses those captured credentials to authenticate other computers over the network.

This latest 60-page report is a follow-up to a previously released report from Microsoft on guidance and mitigations for Pass-the-Hash attacks.

“Given that organizations must continue to operate after a breach, it is critical for them to have a plan to minimize the impact of successful attacks on their ongoing operations,” Matt Thomlinson, Vice President, Microsoft Security, wrote in a blog post. “Adopting an approach that assumes a breach will occur, ensures that organizations have a holistic plan in place before an attack occurs.”

According to Thomlinson, there are three important points technology leaders should understand about a PtH attack:

• First, an attacker has to get a foothold on your network before a PtH type of attack occurs. This is commonly achieved using tactics such as phishing, taking advantage of weak passwords, or by exploiting unpatched vulnerabilities.

• Second, once initial administrative rights to a compromised computer are obtained, an attacker captures account login credentials on that computer, and then uses those captured credentials to authenticate to other computers on the network.

• Third, the ultimate goal of an attacker might be to compromise the domain controller – the central point of control for all computers, corporate identities and credentials – which effectively gives them control and full access to all of the organization’s IT assets.

“A planned approach enables defenders to close the seams that attackers are aiming to exploit,” Thomlinson explained. “The guidance also underscores another important point – that technical features alone may not prevent lateral movement and privilege escalation. In order to substantially reduce credential theft attacks, organizations should consider the attacker mindset and use strategies such as identifying key assets, implementing detection mechanisms, and having a breach recovery plan.”

Microsoft provided a list strategies and advice that can be implemented in combination with Windows features to provide a more effective defensive approach, and are also aligned to the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

Pass The Hash Mitigation

“Determined adversaries will adapt to the defenses of targeted organizations and seek out new ways of exploiting systems and the people who operate and maintain them,” the report concludes. “It is crucial to recognize that a comprehensive defense approach is needed and that organizations should be prepared to defend against these threats.”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...