Stopping Pass-the-Hash Attacks: How CyberArk Helps a Global Communications Provider Mitigate this Advanced Threat

By John Worrall

A new type of advanced attack, known as Pass-the-Hash, has been gaining notoriety by targeting Windows operating systems. In these attacks, which were recently addressed in detail at Black Hat, cyber attackers generally capture account logon and password credentials (in hashed form) on one machine and then use those hashed credentials to authenticate to another machine. By stealing and using the hash of an administrative password, attackers can move across the network, inflicting damage and stealing information while executing commands with the privileges of the stolen account.

For one of our customers, a global communications company, Pass-the-Hash attacks posed an immediate challenge. The company’s IT team initially tried to prevent the threats by restricting access to their admin and privileged accounts by issuing Smart Cards. Unfortunately, the vulnerabilities persisted within these Smart Card-enabled accounts.

That’s when the organization turned to CyberArk to deploy a custom solution that automatically and frequently changes admin and privileged passwords to proactively protect against Pass-the-Hash. Through role-based access control, CyberArk’s Enterprise Password Vault also identifies and manages Smart Card-enabled privileged accounts. After deploying the solution, the communications provider was able to assign strong and rapidly changing passwords that prevent attackers from stealing credentials and authenticating across the network.

Since implementing Enterprise Password Vault, the organization has not had a single Pass-the-Hash attack or incident involving highly privileged accounts. Even better, there have been no other indicators of future attacks. The solution has also eliminated all other abuses of privileged accounts across the customer’s entire network. According to a Security Solutions Architect, CyberArk’s “solution protects all of our admin and privileged accounts and enables us to tout our strengthened Smart Card security posture to all of our customers.”

For more information on Pass-the-Hash attacks, and how this customer implemented a proactive defense strategy with the help of CyberArk, access the comprehensive case study.

Thursday, November 14, 2013