What is a pass-the-hash attack?

Pass the hash (PtH) is a credential theft technique in which an adversary obtains the hashed form of a user's password and uses that hash, rather than the password itself, to authenticate and open new sessions on the same network. Unlike most other credential theft attacks, pass the hash does not require the attacker to know or crack the password. It works because Windows NTLM authentication proves possession of the password hash, not of the password, so a stolen hash is accepted exactly as if the user had typed the password.

What is a password hash?

A password hash is the fixed-length output of a one-way mathematical function applied to a user's password. The function cannot be run backwards to recover the password from the hash, so systems store the hash rather than the password itself. One-way does not mean uncrackable: weak passwords can still be recovered by guessing, but pass the hash sidesteps that step entirely. On Windows, the NT hash is MD4 of the UTF-16 encoded password with no salt, which makes the hash a direct stand-in for the password: any system that accepts the hash as proof of identity is effectively accepting the password.

Why are pass the hash attacks a growing concern?

As more organizations adopt single sign-on (SSO) to support a remote workforce and reduce login friction, attackers have learned to target the stored credentials that SSO depends on. To avoid re-prompting the user, Windows keeps password hashes cached in memory (in the LSASS process) and on disk (in the SAM database for local accounts and in Active Directory for domain accounts), and any of these copies can be harvested by an attacker who has already gained local administrative rights on a machine.

Identity-based attacks such as pass the hash, in which the adversary poses as a legitimate user, are particularly difficult to detect because the authentication itself succeeds with a valid credential: to the authenticating system the logon is indistinguishable from a real one, and traditional security tools that look for malware or exploit signatures see nothing. Detection therefore depends on context rather than on the logon event alone, for example an NTLM network logon (Windows Security event 4624, logon type 3) for an account from a workstation it has never used, or one account authenticating to many hosts in a short window.
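The contextual signals just described can be turned into a simple hunting rule. The following is an added example, not code from the original article: it scans constructed logon records shaped like Windows Security event 4624 fields and flags successful NTLM network logons for an account from a source workstation outside that account's (also constructed) historical baseline, grouping the target hosts it reached.

```python
"""Added example (not from the original article): a hunting heuristic for
pass-the-hash over Windows logon records.  The events below are constructed
samples shaped like Security event 4624 fields (LogonType 3 = network logon,
AuthenticationPackageName = NTLM); the baseline of 'normal' source hosts is
also constructed and would come from historical logon data in practice."""
from collections import defaultdict

# Constructed baseline: workstations each account has historically logged on from.
BASELINE = {
    "alice": {"WS-ALICE"},
    "svc_backup": {"BACKUP01"},
}

# Constructed sample events (hypothetical hosts and users).
EVENTS = [
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "WorkstationName": "WS-ALICE", "Computer": "FS01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "alice", "WorkstationName": "WS-ALICE", "Computer": "FS01"},
    # NTLM network logons for alice from a host she has never used, fanning out
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "WorkstationName": "WS-BOB", "Computer": "FS01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "WorkstationName": "WS-BOB", "Computer": "DC01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "WorkstationName": "WS-BOB", "Computer": "SQL01"},
    # Interactive logon, not an NTLM network authentication: ignored
    {"EventID": 4624, "LogonType": 2, "AuthenticationPackageName": "Negotiate",
     "TargetUserName": "svc_backup", "WorkstationName": "BACKUP01", "Computer": "BACKUP01"},
    # Failed logon (4625) is a different signal and is ignored here
    {"EventID": 4625, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "WorkstationName": "WS-BOB", "Computer": "HR01"},
]


def suspicious_ntlm_logons(events, baseline, min_targets=1):
    """Map (user, source workstation) -> set of target computers for successful
    NTLM network logons whose source is not in the user's baseline.  Raising
    min_targets trades recall for fewer false positives in NTLM-heavy estates."""
    seen = defaultdict(set)
    for e in events:
        if e["EventID"] != 4624 or e["LogonType"] != 3:
            continue
        if e["AuthenticationPackageName"] != "NTLM":
            continue
        user, src = e["TargetUserName"], e["WorkstationName"]
        if src in baseline.get(user, set()):
            continue
        seen[(user, src)].add(e["Computer"])
    return {k: v for k, v in seen.items() if len(v) >= min_targets}


if __name__ == "__main__":
    for (user, src), targets in suspicious_ntlm_logons(EVENTS, BASELINE).items():
        print(f"{user} via NTLM from {src} -> {sorted(targets)}")
```

Treat a hit as a lead, not a verdict: many estates still use NTLM legitimately, and a user borrowing a colleague's machine produces the same pattern. An NTLM-only filter also misses variants that use the stolen hash to request Kerberos tickets, so pair this rule with baselining of Kerberos logons and with telemetry on LSASS access.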

Protecting against pass the hash is critical because the technique is rarely the end goal. It is a lateral movement and privilege escalation step that often serves as a gateway to more serious outcomes, such as data breaches, identity theft, and malware or ransomware deployment. The practical defenses follow from how the attack works: limit who holds local administrative rights (since that is what it takes to read cached hashes), keep privileged accounts from logging on to ordinary workstations where their hashes would be cached, and reduce reliance on NTLM in favor of Kerberos where the environment allows it.

Bart is Senior Product Marketing Manager of Threat Intelligence at CrowdStrike and has 20+ years of experience in threat monitoring, detection and intelligence. After starting his career as a network security operations analyst at a Belgian financial organization, Bart moved to the US East Coast to join multiple cybersecurity companies, including 3Com/Tippingpoint, RSA Security, Symantec, McAfee, Venafi and FireEye-Mandiant, holding both product management and product marketing roles.