Late last week, the security firm CyberArk published a blog post summarizing the findings of a report they have written:
This report details the consequences that can result when an attacker compromises a Microsoft Windows-based computing device within your organization’s network and then uses the credentials of the person logged into that device to access further Windows devices and data within your network.
If an attacker can use privileged credentials to laterally traverse a network (i.e. move from device to device, compromising more and more credentials as they do so), they can eventually obtain the credentials of a Windows Domain Administrator account (used to administer your Windows Server-based domain controller). With these, the attacker can completely take over the Windows-based devices on your network.
This method of attack used to obtain privileged credentials is known as a Pass-the-Hash (PtH) attack. Mitigations to protect against Windows credential theft attacks are discussed on pages 10 and 11 of CyberArk’s report.
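To make the device-to-device chain described above concrete from a defender's side, the following added example (not taken from CyberArk's report or the original post) models credential exposure as a graph and finds which machines lead to a Domain Administrator credential. The host names, account names and inventory maps are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory (hypothetical host and account names).
SESSIONS = {            # host -> accounts whose credentials are exposed on it
    "WS-01": {"alice"},
    "WS-02": {"bob", "helpdesk"},
    "SRV-FILE": {"svc_backup"},
    "SRV-APP": {"da_admin"},
    "WS-03": {"carol"},
}
ADMIN_ON = {            # account -> hosts where it holds administrative rights
    "alice": {"WS-01", "WS-02"},
    "helpdesk": {"WS-01", "WS-02", "SRV-FILE"},
    "svc_backup": {"SRV-FILE", "SRV-APP"},
    "carol": {"WS-03"},
}
DOMAIN_ADMINS = {"da_admin"}


def exposure_path(start_host, sessions=SESSIONS, admin_on=ADMIN_ON,
                  domain_admins=DOMAIN_ADMINS):
    """Return the shortest chain of (host, account) hops from start_host to a
    host exposing a Domain Administrator credential, or None if none exists."""
    queue = deque([(start_host, [])])
    seen = {start_host}
    while queue:
        host, path = queue.popleft()
        for account in sorted(sessions.get(host, ())):
            hop = path + [(host, account)]
            if account in domain_admins:
                return hop
            # Every host this account administers becomes reachable next.
            for nxt in sorted(admin_on.get(account, ())):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, hop))
    return None


def exposed_hosts(sessions=SESSIONS, admin_on=ADMIN_ON,
                  domain_admins=DOMAIN_ADMINS):
    """Hosts from which a Domain Administrator credential is reachable."""
    return sorted(h for h in sessions
                  if exposure_path(h, sessions, admin_on, domain_admins))
```

Passing a different `admin_on` map shows how removing a single administrative right changes which hosts remain exposed.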
I hope that the mitigations and advice discussed in the report mentioned above assist with hardening your organization against such attacks.