This story is a good example of why a comprehensive, detailed, layered cyber defense is necessary for an organization:
In the years since, Delpy has released that code to the public, and Mimikatz has become a ubiquitous tool in all manner of hacker penetrations, allowing intruders to quickly leapfrog from one connected machine on a network to the next as soon as they gain an initial foothold.
“Mimikatz wasn’t at all designed for attackers. But it’s helped them,” Delpy says in his understated and French-tinged English.
Mimikatz first became a key hacker asset thanks to its ability to exploit an obscure Windows function called WDigest.
Delpy saw Chinese users in hacker forums discussing Mimikatz, and trying to reverse-engineer it.
As the use of Mimikatz spread, Microsoft in 2013 finally added the ability in Windows 8.1 to disable WDigest, neutering Mimikatz’s most powerful feature.
Delpy says, if systems administrators limit the privileges of their users, Mimikatz can’t get the administrative access it needs to start hopping to other computers and stealing more credentials.
“If Mimikatz has been used to steal your passwords, your main problem is not Mimikatz,” Delpy says.
Although Mimikatz can be used to steal passwords, the tool in and of itself is not the problem. Rather than taking shortcuts and the fastest route to deployment, an organization needs to take the time to properly configure its Active Directory environment and networking gear and to install the correct cyber defense tools.
Cyber security is tough, but there are a lot of common sense approaches that decrease the risk of exposure.
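As an added example (not from the article or from Delpy), the following PowerShell script audits one of the mitigations mentioned above: whether WDigest credential caching is disabled on a Windows host. It assumes the Microsoft-documented `UseLogonCredential` DWORD under the WDigest security provider registry key and must be run from an elevated session.

```powershell
# Added example: audit (and optionally remediate) the WDigest setting.
# Assumes the documented UseLogonCredential DWORD under the WDigest provider key.
param(
    [switch]$Remediate   # set the value to 0 if it is not already disabled
)

$WDigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$ValueName  = 'UseLogonCredential'

function Get-WDigestStatus {
    $current = (Get-ItemProperty -Path $WDigestKey -Name $ValueName `
                -ErrorAction SilentlyContinue).$ValueName

    # Windows 8.1 / Server 2012 R2 (6.3) and later default to disabled when the
    # value is absent; older systems with the backported update need an explicit 0.
    $osVersion = [version](Get-CimInstance Win32_OperatingSystem).Version
    $modernOs  = $osVersion -ge [version]'6.3'

    $disabled = if ($null -eq $current) { $modernOs } else { $current -eq 0 }

    [pscustomobject]@{
        Key                = $WDigestKey
        UseLogonCredential = if ($null -eq $current) { '<absent>' } else { $current }
        ModernOsDefault    = $modernOs
        WDigestDisabled    = $disabled
    }
}

$status = Get-WDigestStatus
$status | Format-List

if (-not $status.WDigestDisabled) {
    Write-Warning 'WDigest may still be caching reversible credentials in LSASS.'
    if ($Remediate) {
        if (-not (Test-Path $WDigestKey)) { New-Item -Path $WDigestKey -Force | Out-Null }
        New-ItemProperty -Path $WDigestKey -Name $ValueName -PropertyType DWord `
                         -Value 0 -Force | Out-Null
        Write-Output 'UseLogonCredential set to 0; reboot for LSASS to pick up the change.'
    }
}
```

Run it without `-Remediate` first to see the current state across a fleet (for example through a remoting job), then enforce the setting through Group Policy rather than one-off registry writes.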