Pass the Hash (PtH) is a widely discussed attack method against Microsoft Active Directory users. In a PtH attack, a bad actor obtains privileged credentials by compromising an end user’s machine and simulates an IT problem, prompting a privileged user to log into the machine. Those privileged credentials used by the admin to login are stored as a hash that the attacker extracts and uses to access elevated IT resources across the organization. This allows the bad actor to access an organization’s most sensitive data and cause widespread damage – even if the organization leverages the Red Forest (ESAE) Active Directory architecture.
To better understand the impact of PtH attacks and learn more about measures that organizations pursue to combat the threat, One Identity commissioned Dimensional Research to survey IT security professionals from midsize to large enterprises around the world. A total of 1,005 individuals with responsibility for IT security and who are knowledgeable about Active Directory, IAM and PAM completed the online survey, which was conducted in July 2019. Survey respondents were from the United States, Canada, U.K., Germany, France, Australia, New Zealand, Singapore and Hong Kong.