Just one in five Australian IT professionals are certain they have not experienced a Pass the Hash attack
- Survey of more than 1,000 IT security professionals reveals business impact of an attack method that uses stolen administrator credentials, also known as a “Pass the Hash” attack
- 100% of Australian respondents say “Pass the Hash” attacks have a direct impact on their business
- 76 percent of respondents do not know for certain whether they have experienced this type of attack
One Identity, a proven leader in identity-centred security, has released new global research revealing the significant prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as Pass the Hash (PtH) attacks, within businesses. Among the survey’s most noteworthy findings is that 100% of Australian respondents say that PtH attacks, when they happen, have a direct business impact on their organisation. Conducted by Dimensional Research, the survey of more than 1,000 IT professionals reinforces the crucial need for organisations to deploy effective Active Directory (AD) management and privileged access management (PAM) solutions and practices, given that PtH attacks primarily result in unauthorised use of privileged credentials to compromise enterprise systems and data.
In a typical PtH attack, an attacker first compromises an end-user’s machine and then simulates an IT problem so that a privileged account holder will log into that machine to investigate. The credentials from that login are cached on the compromised machine as a hash, which the attacker extracts and replays to authenticate to additional IT resources across the organisation. Without a holistic and strategic approach to protecting privileged accounts and identifying when privileged access is being abused, a cybercriminal leveraging a PtH technique can gain access to an entire network, rendering all other security safeguards ineffective.
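The paragraph above describes the pattern a defender can look for: a privileged account's cached credential is reused from the compromised workstation against many other hosts. The following is an added example, not code from One Identity or from the survey, showing two commonly used heuristics over Windows Security event 4624 records. The sample events, field names and thresholds are constructed assumptions; the indicators (a `seclogo` NewCredentials logon on the source host, and a burst of NTLM network logons by one account from one source to many hosts) are heuristics that also fire on legitimate administration, so they are triage signals rather than proof.

```python
"""
Heuristic Pass-the-Hash detection over Windows Security event 4624 records.

Added example, not part of the press release or One Identity's products.
Assumptions:
  * Events are already parsed into dicts with the field names used below.
  * Heuristic 1 (source side): a 4624 with LogonType 9 (NewCredentials) whose
    LogonProcess is "seclogo" is how logons with injected credentials
    (and also legitimate "runas /netonly") typically appear.
  * Heuristic 2 (target side): one account from one source IP completing
    NTLM network logons (LogonType 3) to >= min_hosts distinct hosts inside
    a short window suggests hash replay for lateral movement.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    {"time": "2019-06-03T09:00:01", "host": "WS-042", "event_id": 4624,
     "logon_type": 9, "logon_process": "seclogo", "auth_package": "Negotiate",
     "account": "admin.jane", "source_ip": "10.1.4.42"},
    {"time": "2019-06-03T09:00:30", "host": "SRV-FILE01", "event_id": 4624,
     "logon_type": 3, "logon_process": "NtLmSsp", "auth_package": "NTLM",
     "account": "admin.jane", "source_ip": "10.1.4.42"},
    {"time": "2019-06-03T09:01:10", "host": "SRV-SQL01", "event_id": 4624,
     "logon_type": 3, "logon_process": "NtLmSsp", "auth_package": "NTLM",
     "account": "admin.jane", "source_ip": "10.1.4.42"},
    {"time": "2019-06-03T09:02:45", "host": "SRV-WEB02", "event_id": 4624,
     "logon_type": 3, "logon_process": "NtLmSsp", "auth_package": "NTLM",
     "account": "admin.jane", "source_ip": "10.1.4.42"},
    {"time": "2019-06-03T09:04:00", "host": "DC01", "event_id": 4624,
     "logon_type": 3, "logon_process": "NtLmSsp", "auth_package": "NTLM",
     "account": "admin.jane", "source_ip": "10.1.4.42"},
    # A service account reaching a single host: below the fan-out threshold.
    {"time": "2019-06-03T11:15:00", "host": "SRV-MAIL01", "event_id": 4624,
     "logon_type": 3, "logon_process": "NtLmSsp", "auth_package": "NTLM",
     "account": "svc.backup", "source_ip": "10.1.9.5"},
    # An ordinary interactive console logon: ignored by both heuristics.
    {"time": "2019-06-03T11:16:00", "host": "WS-042", "event_id": 4624,
     "logon_type": 2, "logon_process": "User32", "auth_package": "Negotiate",
     "account": "jane", "source_ip": "-"},
]


def find_seclogo_logons(events):
    """Heuristic 1: NewCredentials (type 9) logons made through seclogo."""
    return [e for e in events
            if e["event_id"] == 4624 and e["logon_type"] == 9
            and e["logon_process"].lower() == "seclogo"]


def find_ntlm_fanout(events, min_hosts=3, window=timedelta(minutes=10)):
    """Heuristic 2: one (account, source IP) pair completing NTLM network
    logons to at least min_hosts distinct hosts within a sliding window."""
    by_key = defaultdict(list)
    for e in events:
        if (e["event_id"] == 4624 and e["logon_type"] == 3
                and e["auth_package"].upper() == "NTLM"):
            by_key[(e["account"], e["source_ip"])].append(
                (datetime.fromisoformat(e["time"]), e["host"]))
    findings = []
    for (account, src), logons in by_key.items():
        logons.sort()
        for i, (t0, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                findings.append({"account": account, "source_ip": src,
                                 "hosts": sorted(hosts),
                                 "window_start": t0.isoformat()})
                break  # one finding per account/source pair is enough
    return findings


def detect(events):
    """Run both heuristics and return the combined findings."""
    return {"seclogo_logons": find_seclogo_logons(events),
            "ntlm_fanout": find_ntlm_fanout(events)}


if __name__ == "__main__":
    for kind, hits in detect(SAMPLE_EVENTS).items():
        print(kind, len(hits))
        for h in hits:
            print("  ", h)
```

In practice the two signals are correlated: a `seclogo` logon on a workstation followed minutes later by NTLM fan-out from that workstation's address under a privileged account is a much stronger lead than either alone. Tune `min_hosts` and `window` to the environment, and suppress known administrative jump hosts and scanners to keep the false-positive rate manageable.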
According to One Identity’s survey, IT security stakeholders recognise the damage PtH attacks can cause, however, many are still not implementing the most important measures available to fight them. Additional findings from the report include:
- PtH incidents – when they happen – have a widespread, direct impact on Australian businesses.
  - Thirty-five percent say a PtH incident has a direct financial impact, such as lost revenue and fines.
  - Sixty-five percent report a direct impact on operational costs.
  - Eighty-two percent say these attacks distract staff from other projects, a rate 21% higher than the global average.
- Ignorance of PtH attacks is worryingly prevalent among Australian organisations.
  - Seventy-six percent of Australian IT security stakeholders do not know for certain whether they’ve experienced a PtH attack.
  - Four percent of IT security stakeholders in Australia do not even know what a PtH attack is.
- The vast majority (88%) of Australian respondents say they are already taking steps to prevent PtH attacks.
  - Fifty-eight percent have implemented privileged password management (a password vault).
  - Forty-two percent have implemented better controls over AD/Azure AD administrator access.
  - Twenty-seven percent have implemented advanced PAM practices such as session audit and analytics.
  - Twenty-five percent have followed Microsoft’s guidance and implemented an Enhanced Security Administrative Environment (ESAE, also known as Red Forest).
- On a global level, among the respondents that have not taken any steps to prevent PtH, 85% have no plans to do so.
“The results of our 2019 survey indicate that despite the fact that Pass the Hash attacks are having significant financial and operational impact on organisations, there is vast room for improvement in the steps organisations are taking to address them,” said Darrell Long, vice president of product management, One Identity. “Without a holistic and strategic approach to protect privileged accounts and identify privileged access abuse, organisations could very well leave their entire network exposed to cybercriminals leveraging the PtH technique, with detrimental repercussions to the business.
“Australian businesses need to be vigilant in the face of the growing threat of Pass the Hash attacks given the significant effect they are having on companies’ bottom lines and day-to-day operations. While Australian businesses are taking steps to protect themselves, it’s worrying that the vast majority can’t definitively state if they have been a victim of such an attack. This is partly due to the sophisticated nature of today’s cyber-attackers who are circumventing robust security systems. Such was evident in the recent case where hackers accessed private student information from one of Australia’s major university networks in a manner that was described by the University as a state-of-the-art hack, carried out by an actor at the very top of their game and at the very cutting edge.”
Effective PAM and AD-focused identity and access management (IAM) are critical components in any organisation’s security strategy, but the 2019 State of Identity and Access Management study shows businesses are still struggling to implement best practices. One Identity helps organisations address their biggest IAM and PAM challenges. Its Active Roles solution controls and automates AD permissions to protect the directory: it constantly evaluates administrator permissions, proxies changes on behalf of the administrator, and enables delegation of exactly the right permission at a much more granular level than native tools. The One Identity Safeguard PAM solution combines a secured and hardened password safe, session management and monitoring, and threat detection and analytics to help organisations securely store, manage, record and analyse privileged access.
About the 2019 One Identity State of Identity and Access Management Study
Conducted by Dimensional Research, One Identity’s “2019 State of Identity and Access Management” study surveyed 1,005 IT security professionals from midsize to large enterprises on their current experiences, trends and approaches to Identity Governance and Administration (IGA), PAM and Identity SaaS. The study consisted of an online survey of IT professionals in midsize to large organisations who have responsibility for security and are very knowledgeable about IAM and privileged accounts. A total of 1,005 individuals from the U.S., Canada, U.K., Germany, France, Australia and New Zealand, Singapore and Hong Kong completed the survey.