According to a new research survey, 68% of IT security stakeholders aren't sure whether they've experienced a Pass the Hash attack, and 4% don't even know what this globally prevalent form of attack is.
These almost fantastical findings, released today by One Identity, came from a survey of more than a thousand IT professionals conducted by Dimensional Research.
One Identity field strategist Dan Conrad told Infosecurity Magazine: "While 4% seems like a small percentage, that means nearly one in every 20 IT security professionals does not even know about a significant cyber-attack method.
"As attacks that have such a large impact on organizations, it’s imperative that the security industry continues to emphasize the importance of understanding PtH attacks and the proper methods to combat them."
In a PtH attack, a threat actor obtains privileged credentials by compromising an end user's machine. The attacker then simulates an IT problem, which prompts a privileged account holder to log into an administrative system. When they do, the account holder's login credentials are stored as a hash that the attacker can extract and use to access additional IT resources across the organization.
This attack technique has been doing the rounds since the 1990s and was first reported by Paul Ashton on Bugtraq in 1997. Back then it consisted of a modified Samba SMB client that accepted user password hashes instead of cleartext passwords.
Among the survey’s most noteworthy findings is that 95% of respondents say that PtH attacks have a direct business impact on their organizations, with 70% reporting a direct impact on operational costs.
A large majority (87%) of survey respondents say they are already taking steps to prevent PtH attacks, but only 55% have implemented privileged password management.
Microsoft issued guidance back in 2017 for companies to implement Active Directory Red Forest Design, aka Enhanced Security Administrative Environment (ESAE), to help prevent PtH attacks. The survey found that just a paltry 16% of small organizations and 31% of larger companies have followed this advice.
Perhaps most shockingly, among the respondents who have not taken any steps at all to prevent a PtH attack, 85% have no plans to do so.
Dan Conrad told Infosecurity Magazine: "As attacks that typically begin with a phishing email and could lead to a ransomware attack or sensitive data being accessed and stolen, the impact of a PtH attack can be widespread and severe.
"With data breaches creating a significant time and financial burden on any organization, it’s imperative that businesses take these attacks seriously and put privileged access management strategies and protocols in place to defend themselves."