One Identity, a proven leader in
identity-centered security, today released new global research revealing the
significant prevalence and impact of cyberattacks that use stolen hashed
administrator credentials, also referred to as Pass the Hash (PtH) attacks,
within businesses today. Among the survey's most noteworthy findings is that
95% of respondents say that PtH attacks have a direct business impact on their
organizations. Conducted by Dimensional Research, the survey of more than 1,000
IT professionals reinforces the crucial need for organizations to deploy
effective Active Directory (AD) management and privileged access management
(PAM) solutions and practices, given that PtH attacks primarily result in
unauthorized use of privileged credentials to compromise enterprise systems and
data.

In a typical PtH attack, an
attacker obtains privileged credentials by compromising an end user's machine
and simulates an IT problem so that a privileged account holder will log into
an administrative system. Those login credentials are stored as a hash that the
attacker extracts and uses to access additional IT resources across the
organization. Without a holistic and strategic approach to protect privileged
accounts and identify when privileged access is being abused, a cybercriminal
leveraging a PtH technique can gain access to an entire network, rendering all
other security safeguards ineffective.

According to One Identity's survey,
IT security stakeholders recognize the damage PtH attacks can cause; however,
many are still not implementing the most important measures available to fight
them. Additional top findings from the report include:

- PtH incidents have a widespread, direct impact on businesses.
  - Two in five (40%) say a PtH incident has a direct financial impact, such as lost revenue and fines.
  - Seventy percent report a direct impact on operational costs.
  - Sixty-eight percent say these attacks distract staff from other projects.
- Ignorance of PtH attacks is worryingly prevalent for the majority of organizations.
  - Sixty-eight percent of IT security stakeholders do not know for certain whether they've experienced a PtH attack.
  - Four percent of IT security stakeholders do not even know what a PtH attack is.
- A large majority (87%) of respondents say they are already taking steps to prevent PtH attacks, but some lack of attention to address the issue persists.
  - Fifty-five percent have implemented privileged password management (a password vault).
  - Fifty percent have implemented better controls over AD/Azure AD administrator access.
  - Thirty-two percent have implemented advanced PAM practices such as session audit and analytics.
  - Twenty-six percent have followed Microsoft's guidance and implemented an Enhanced Security Administrative Environment (ESAE, also known as Red Forest).
  - Among the respondents that have not taken any steps to prevent PtH, 85% have no plans to do so.
- Larger companies feel they are more likely to be targeted by PtH attacks and are most likely to take steps to address the issue.
  - More than one in four (26%) large companies (defined as organizations with more than 5,000 employees) report they have definitely or probably experienced this type of attack, compared to about one in 10 (12%) smaller companies.
  - Twice as many large companies (38%) have invested in advanced PAM practices such as session audit and analytics compared to smaller organizations (19%).
  - Fifty-nine percent of large companies are implementing privileged password management (a password vault) vs. only 44% of smaller companies.
  - Only 16% of small organizations are following Microsoft's guidance to implement ESAE (Red Forest) compared to 31% of large companies.

"The results of our 2019 survey
indicate that despite the fact that Pass the Hash attacks are having
significant financial and operational impact on organizations, there is vast
room for improvement in the steps organizations are taking to address them,"
said Darrell Long, vice president of Product Management, One Identity. "Without
a holistic and strategic approach to protect privileged accounts and identify
privileged access abuse, organizations could very well leave their entire
network exposed to cybercriminals leveraging the PtH technique, with
detrimental repercussions to the business."

Effective PAM and
AD-focused identity and access management (IAM) are critical components in any
organization's security strategy, but the 2019 State of Identity and Access
Management study shows businesses are still struggling to implement best
practices. One Identity helps organizations eliminate their biggest IAM and PAM
challenges. Its Active Roles solution controls and automates AD permissions to
protect the directory by constantly evaluating administrator permissions and
proxying changes on behalf of the administrator, enabling delegation of exactly
the right permission at a much more granular level than native tools. The
industry-leading One Identity Safeguard PAM solution combines a
secured and hardened password safe, session management and monitoring, and
threat detection and analytics to help organizations securely store, manage,
record and analyze privileged access.

One Identity offers a free online executive summary of the
data as well as a Key Findings Report.