Pass-The-Hash Techniques Can Fool a Target System


An online leak site run by Hive threat actors, accessible through a .onion address, targets ransomware victims with the intention of ‘naming and shaming’ them. In addition, the malware operators practice double extortion, which involves stealing sensitive corporate data from a victim organization before encrypting the disk. If a victim does not pay for a decryption key, the attackers post the victim's name on the leak site and set a timer that counts down until the data is exposed. This increases the pressure on the victim and gives the attackers more opportunities for extortion.

Research by the Varonis Forensics Team has shown that, by stealing the domain administrator's NTLM hash, the operator can reuse it in a Pass-The-Hash attack and take control of the domain admin account without needing to crack the password. In other words, Pass-The-Hash techniques can fool a target system into launching authenticated sessions on a network without the need to crack a password.
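A defensive view of the hash reuse described above, as an added example that is not from the original article or from the Varonis research: it scores Windows Security 4624 logon events against two common Pass-The-Hash heuristics. The account name, the admin workstation allowlist and the sample events are constructed assumptions; both heuristics also match some legitimate activity (for example `runas /netonly`), so hits are leads for triage, not verdicts.

```python
# Added example: score Windows Security 4624 logon events for Pass-the-Hash signs.
PRIVILEGED = {"da-admin"}   # assumption: names of your domain admin accounts
ADMIN_HOSTS = {"PAW-01"}    # assumption: workstations admins are expected to use

# Constructed sample events using 4624 EventData field names.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "da-admin",
     "AuthenticationPackageName": "Kerberos", "LogonProcessName": "Kerberos",
     "WorkstationName": "PAW-01"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "da-admin",
     "AuthenticationPackageName": "NTLM", "LogonProcessName": "NtLmSsp ",
     "WorkstationName": "WKSTN-117"},
    {"EventID": 4624, "LogonType": 9, "TargetUserName": "jsmith",
     "AuthenticationPackageName": "Negotiate", "LogonProcessName": "seclogo",
     "WorkstationName": "-"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "svc-print",
     "AuthenticationPackageName": "NTLM", "LogonProcessName": "NtLmSsp ",
     "WorkstationName": "PRINT-02"},
]

def pth_indicators(ev):
    """Return the reasons a 4624 event resembles Pass-the-Hash (empty if none)."""
    if ev.get("EventID") != 4624:
        return []
    reasons = []
    user = ev.get("TargetUserName", "").lower()
    ltype = int(ev.get("LogonType", 0))
    # Source side: a NewCredentials (type 9) logon created through seclogo.
    if ltype == 9 and ev.get("LogonProcessName", "").strip().lower() == "seclogo":
        reasons.append("type 9 logon via seclogo")
    # Target side: privileged account authenticating over NTLM, not Kerberos.
    if (ltype == 3 and user in PRIVILEGED
            and ev.get("AuthenticationPackageName", "").upper() == "NTLM"):
        reasons.append("privileged NTLM network logon")
        if ev.get("WorkstationName", "").upper() not in ADMIN_HOSTS:
            reasons.append("source host is not an admin workstation")
    return reasons

def triage(events):
    hits = []
    for ev in events:
        reasons = pth_indicators(ev)
        if reasons:
            hits.append((ev["TargetUserName"], ev.get("WorkstationName", ""), reasons))
    return hits

if __name__ == "__main__":
    for user, host, reasons in triage(SAMPLE_EVENTS):
        print(f"{user} from {host}: {'; '.join(reasons)}")
```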

What is the status of your Exchange Servers? Do your Exchange servers have the latest security patches?

Have you considered passwordless authentication?

Does your organization have a zero-trust architecture in place, continuously monitoring and validating that users and their devices have the appropriate privileges?

Louisa Oschmann
