What are “Pass the Hash” Attacks? How Can Your Enterprise Prevent Them?

What are “Pass the Hash” attacks? How can your enterprise prevent them from harming your users or business processes? What can privileged access management (PAM) do to prevent these attacks? 

According to recent survey research from privileged access management provider One Identity and Dimensional Research, Pass the Hash attacks proliferate; in fact, they proliferate faster than ever despite being a threat first discovered in the 1990s. 

Yet while many enterprises took the steps to defend themselves from Pass the Hash attacks, others have not. Unfortunately, of those enterprises that did not take the steps to defend themselves, 85 percent do not have plans to do so. Simultaneously, Centrify recently revealed more than 70 percent of all enterprise breaches involve abused privileged accounts.  

So what can enterprises do? 

What are Pass the Hash Attacks?

First, we need to define Pass the Hash attacks. In this kind of attack, a threat actor steals privileged credentials by compromising the end user’s endpoint. Here’s how: 

  • The attack creates or simulates an IT problem on an infected endpoint. This endpoint belongs to a privileged access user.  
  • Detecting the dummy IT problem, the privileged account holder logs into an administrative system.
  • The attacker captures and stores the login credentials as a hash. 
  • Then, the attacker can use this hash to access additional IT resources across your enterprise IT infrastructure. 

How Dangerous Are Pass the Hash Attacks? 

The recent studies from One Identity and Dimensional Research show the dangers of these privileged identity attacks. Usually, the problem stems from ignorance. In their survey, 68 percent of IT security stakeholders don’t know whether they experienced this kind of attack. Additionally, another 4 percent don’t even recognize this attack at all. 

However, 95 percent of respondents say these attacks impact business processes. Moreover, 70 percent report an impact on operational costs as a result of Pass the Hash attacks. Another 40 percent of these attacks cause direct financial problems including lost revenue and fines. 

In other words, ignorance can’t protect your enterprise. So what can? 

Privileged Access Management Can Help. Here’s How. 

While many enterprises do indeed protect themselves against these attacks, only 55 percent of businesses implement privileged password management. 

Yet privileged access management can help prevent Pass the Hash attacks in multiple ways. First and foremost, PAM can alleviate the burden on passwords to uphold authentication processes by themselves. The general rule of thumb concerning authentication states the more layers between request and access, the more secure the data remains. Multifactor authentication adds those additional layers, often without interfering with business processes. 

These multifactor authentication layers can include geofencing, hard tokens, time of access request monitoring, and biometric authentication. Additionally, next-generation privileged access management offers you an opportunity to enact continuous authentication and session management. Only enforcing privileged access management at the login portal can actually leave you vulnerable in the long term. 

Meanwhile, with PAM capabilities you can monitor your privileged user sessions for signs of anomalous behaviors; next-generation privileged session management should enable you to observe the date, time, and location of each session. This allows your IT security team a window for auditing and investigating cybersecurity incidents. 
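As an added illustration of the session review described above (not code from the article or any PAM vendor), the following sketch checks privileged logons by time and source and flags two patterns consistent with a reused hash: an NTLM network logon from a source the account does not normally use, and one source reaching several hosts within minutes. The account names, addresses, thresholds and record layout are constructed for the example; the logon-type and authentication-package fields are modelled on Windows Security event 4624.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for this example: the privileged account list and each account's
# usual admin workstation would come from your PAM inventory.
PRIVILEGED = {"adm-jlee"}
BASELINE_SOURCES = {"adm-jlee": {"10.0.5.20"}}
FANOUT_WINDOW = timedelta(minutes=10)   # illustrative threshold
FANOUT_HOSTS = 3                        # illustrative threshold

# Constructed sample logons: (time, account, logon type, auth package, source, target).
# Logon type 3 is a network logon; type 10 is remote interactive.
SAMPLE_EVENTS = [
    ("2019-05-06T09:02:11", "adm-jlee", 10, "Kerberos", "10.0.5.20", "JUMP01"),
    ("2019-05-06T09:40:03", "adm-jlee", 3, "NTLM", "10.0.5.20", "FILE01"),
    ("2019-05-07T02:13:45", "adm-jlee", 3, "NTLM", "10.0.9.77", "FILE01"),
    ("2019-05-07T02:14:10", "adm-jlee", 3, "NTLM", "10.0.9.77", "SQL02"),
    ("2019-05-07T02:16:52", "adm-jlee", 3, "NTLM", "10.0.9.77", "HR-APP"),
    ("2019-05-07T08:30:00", "bsmith", 3, "NTLM", "10.0.9.77", "FILE01"),
]

def review_privileged_logons(events):
    """Return findings for privileged NTLM network logons that merit investigation."""
    findings, per_source = [], defaultdict(list)
    for time, user, logon_type, auth, src, target in events:
        if user not in PRIVILEGED or logon_type != 3 or auth != "NTLM":
            continue
        # Location check: source is outside the account's known admin hosts.
        if src not in BASELINE_SOURCES.get(user, set()):
            findings.append(("unusual-source", user, src, target))
        per_source[(user, src)].append((datetime.fromisoformat(time), target))
    # Time check: one source touching many distinct hosts inside a short window.
    for (user, src), logons in per_source.items():
        logons.sort()
        for start, _ in logons:
            hosts = {t for ts, t in logons
                     if timedelta(0) <= ts - start <= FANOUT_WINDOW}
            if len(hosts) >= FANOUT_HOSTS:
                findings.append(("fan-out", user, src, tuple(sorted(hosts))))
                break
    return findings

if __name__ == "__main__":
    for finding in review_privileged_logons(SAMPLE_EVENTS):
        print(finding)
```
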

Perhaps most relevantly when discussing Pass the Hash attacks, PAM solutions offer password vaulting capabilities. These function similarly to a safe or other analog security systems. Passwords remain locked inside and encrypted, with only one master password capable of accessing them. They maintain encryption even as users call upon them, automatically enabling them to log in securely. In some ways, it resembles Single Sign-On. However, it proves a secure alternative to single sign-on which facilitates workflows.

Where Enterprises Stumble in Their PAM Solutions

According to Centrify, at least 26 percent of IT decision-makers in the United States couldn’t define privileged access management. Meanwhile, according to fellow privileged access management provider Thycotic, 70 percent of enterprises fail to discover all of the privileged access accounts in their network. In fact, 40 percent never bother looking for all of them in the first place.

Yet simultaneously, Centrify and TechVangelism found a majority of enterprises—93 percent—express the belief they can handle threats to their privileged access. 

In other words, you need the benefits of next-generation privileged access management. 

How to Learn More

To learn more about these attacks and the solutions which can prevent them, be sure to check out our 2019 Privileged Access Management Buyer’s Guide. We cover the top solution providers in the field and their key capabilities. Additionally, you can check out our 2019 Identity Management Buyer’s Guide.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.