Blog Post Shout Out (mid November 2015)

Late last week, the security firm CyberArk published a blog post summarizing the findings of a report they have written:

What percentage of your Windows network is exposed to credential theft attacks? By Amy Burnis (CyberArk)

This report details the consequences that can result when an attacker compromises a Microsoft Windows based computing device within your organization’s network and then uses the credentials of the person logged into that device to access further Windows devices and data within your network.

If an attacker can use privileged credentials to laterally traverse a network (i.e. move from device to device compromising more and more credentials as they do so), eventually the attackers can obtain the credentials of a Windows Domain Administrator account (used to administer your Windows Server based domain controller (defined)), with these the Windows based devices on your network can be completely taken over by an attacker.

This method of attack used to obtain privileged credentials is known as a Pass-the-Hash (PtH) attack. Mitigations to protect against Windows credential theft attacks are discussed on pages 10 and 11 of CyberArk’s report.

I hope that the mitigations and advice discussed in the report mentioned above assist with hardening your organization against such attacks.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s