Protecting Against Attacks on NTLM Authentication - Security Boulevard
When it comes to cyberattacks, March has come in like a lion for Microsoft. Last week, Microsoft said in an SEC filing that that information stolen in a hack of senior leaders’ email accounts is now being used to “gain or attempt to gain access” to company source code repositories and other internal systems. The fallout remains unknown. Just a few days earlier, threat researchers at Proofpoint reported a phishing campaign by the well-known threat group TA577 that targets Windows NT LAN Manager (NTLM) authentication information. Attackers sent thousands of tailored emails designed to steal employees' NTLM “hashes” (or challenge/response values) from hundreds of organizations around the globe. These “hashes” can be cracked with far-reaching consequences, depending on an organization’s security measures.