Almost every CISO or executive with security-related responsibilities that I have talked to over the past couple of years has expressed interest in learning how to improve their security posture to better mitigate the risks posed by “APT” (Advanced Persistent Threats) style attacks. At Microsoft we don’t use the term APT because these attacks are typically based on old, well-understood tactics and technologies, i.e., they aren’t really “advanced.”
For example, one thing these attackers typically try to do is steal user names and passwords from networks they compromise so that they can get access to more resources and stay on the network undetected for as long as possible. One type of attack they use as a matter of course is called “pass-the-hash.” This involves stealing the hashed version (a one-way mathematical representation) of user names and passwords from a compromised network and using those credentials to obtain access to network resources and data. There has been a considerable amount of research and tool development in this area over the years that has made it easier for attackers to perform pass-the-hash and other credential theft and reuse attacks.
Today Microsoft released a new whitepaper that contains field-tested guidance that will help organizations mitigate this type of attack. To make things easier for your IT department, the paper contains ratings for these mitigations based on their effectiveness, the effort required to implement them, etc.
I strongly encourage you to share this whitepaper and the new mitigation guidance with your IT department and vendors, so they can improve your network’s security posture to better protect you against targeted attacks.