How can your organization mitigate the risk of a Pass-the-Hash (PtH) attack?

These are mitigation strategies that you can use in your organization to help prevent both lateral movement and privilege escalation by decreasing the impact of credential theft.

Lateral Movement: In this activity, the attacker uses the credentials obtained from a compromised computer to gain access to another computer of the same value to the organization.

Privilege Escalation: In this activity, the attacker uses the credentials obtained from a compromised computer to gain access to another computer of a higher value to the organization.

These mitigations are effective, practical, and broadly applicable to different domain configurations.

These mitigations are defense-in-depth measures, designed so that your environment stays protected even if an individual measure fails.

| Mitigation | Effectiveness | Effort Required | Privilege Escalation | Lateral Movement |
|---|---|---|---|---|
| Restrict and protect local accounts with Administrative Privileges | Excellent | Medium | | |
| Restrict and protect local accounts with Administrative Privileges | Excellent | Low | | |
| Restrict inbound traffic using the Windows Firewall | Excellent | Medium | | |

| More Recommendations | Effectiveness | Effort Required | Privilege Escalation | Lateral Movement |
|---|---|---|---|---|
| Remove standard users from the local Administrators Group | Excellent | High | | |
| Limit the number and use of privileged Domain Accounts | Good | Medium | | |
| Configure outbound proxies to deny internet to Privileged Accounts | Good | Low | | |
| Ensure Administrative Accounts don’t have email accounts | Good | Low | | |
| Use remote management tools that don’t place reusable credentials on a remote computer’s memory | Good | Medium | | |
| Avoid logons to less secure computers that are potentially compromised | Good | Low | | |
| Update applications and operating systems | Partial | Medium | | |
| Secure and manage Domain Controllers | Partial | Medium | | |
| Remove LM hashes | Partial | Low | | |

| Other Mitigation | Effectiveness | Effort Required | Privilege Escalation | Lateral Movement |
|---|---|---|---|---|
| Disable the NTLM Protocol | Minimal | High | | |
| Smart cards and multifactor authentication (MFA) | Minimal | High | | |
| Jump servers | Minimal | High | | |
| Rebooting workstations and servers | Minimal | Low | | |
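
An added example, not part of the original post: a read-only PowerShell audit for three of the mitigations listed above (local Administrators membership, LM hash storage, inbound Windows Firewall policy). It assumes an elevated PowerShell 5.1 or later session on the Windows host being checked; the check names and the OK/Review/Error labels are this example's own.

```powershell
# Added example (not from the original post): read-only audit of three table rows.
# Run from an elevated PowerShell 5.1+ prompt on the Windows host being checked.
$results = @()

# Row "Remove standard users from the local Administrators Group":
# list members by the well-known SID S-1-5-32-544 (works on localized builds).
try {
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
    foreach ($m in $members) {
        $results += [pscustomobject]@{
            Check   = 'Local Administrators member'
            Finding = '{0} ({1}, {2})' -f $m.Name, $m.ObjectClass, $m.PrincipalSource
            Status  = 'Review'   # a human decides whether each member belongs here
        }
    }
} catch {
    # Get-LocalGroupMember can fail when the group holds orphaned SIDs.
    $results += [pscustomobject]@{
        Check   = 'Local Administrators member'
        Finding = $_.Exception.Message
        Status  = 'Error'
    }
}

# Row "Remove LM hashes": NoLMHash = 1 stops LM hashes from being stored
# at the next password change.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check   = 'LM hash storage (NoLMHash)'
    Finding = if ($null -eq $lsa.NoLMHash) { 'value not set' } else { "NoLMHash = $($lsa.NoLMHash)" }
    Status  = if ($lsa.NoLMHash -eq 1) { 'OK' } else { 'Review' }
}

# Row "Restrict inbound traffic using the Windows Firewall": each profile
# should be enabled and should not default to allowing inbound connections.
# ActiveStore returns the effective policy, including Group Policy settings.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $ok = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
    $results += [pscustomobject]@{
        Check   = "Firewall profile $($p.Name)"
        Finding = "Enabled=$($p.Enabled), DefaultInbound=$($p.DefaultInboundAction)"
        Status  = if ($ok) { 'OK' } else { 'Review' }
    }
}

$results | Format-Table -AutoSize -Wrap
```

The script changes nothing on the host; every row marked Review is a prompt for an administrator to compare against the intended configuration.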

Have a nice day!