Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Posted by Matt Thomlinson, Vice President, Microsoft Security
Today, we released new guidance to help our customers address credential theft, called Mitigating Pass-the-Hash and Other Credential Theft, version 2. The paper encourages IT professionals to “assume breach” to highlight the need for the use of holistic planning strategies and features in Microsoft Windows to become more resilient against credential theft attacks. This paper builds on our previously released guidance and mitigations for Pass-the-Hash (PtH) attacks.
Given that organizations must continue to operate after a breach, it is critical for them to have a plan to minimize the impact of successful attacks on their ongoing operations. Adopting an approach that assumes a breach will occur, ensures that organizations have a holistic plan in place before an attack occurs. A planned approach enables defenders to close the seams that attackers are aiming to exploit.
The guidance also underscores another important point - that technical features alone may not prevent lateral movement and privilege escalation. In order to substantially reduce credential theft attacks, organizations should consider the attacker mindset and use strategies such as identifying key assets, implementing detection mechanisms, and having a breach recovery plan. These strategies can be implemented in combination with Windows features to provide a more effective defensive approach, and are aligned to the well-known National Institute of Standards and Technology (NIST) Cybersecurity Framework.
There are three important points technology leaders should understand about a PtH attack:
Lastly, there is no one silver bullet that solves credential theft attacks such as PtH. The risk of credential theft exists in any type of single-sign-on implementation, both in open source and commercial platforms. Microsoft is committed to not only furthering platform enhancements to harden against these attacks, but also to sharing guidance to help strengthen our customers’ infrastructure against these threats.
If you have responsibility for the security of your organization’s IT infrastructure, I strongly encourage you to read and apply the guidance in this whitepaper. Visit http://microsoft.com/pth