Milton Security Survey Reveals More Than 1 in 5 Organizations Still Using NTLMv1 - Susceptible to Malicious Attacks

NTLMv1, the insecure password authentication protocol in Active Directory, is still being utilized by 23% of organizations surveyed which leaves them vulnerable to network attacks.

BREA, CA, Mar. 29, 2021 -- Milton Security, a leading provider of Threat Hunting as a Service, XDR & MDR (MxDR) SOC Services, performed a survey to understand the usage of NTLMv1 (NT LAN Manager, version 1) in organizations. The results of this survey were surprising in that 23% of organizations surveyed still used the authentication protocol. Microsoft issued guidance to stop using this configuration in January of 2013 because of the critical vulnerability it poses.

Rather than sending an encrypted password, NTLMv1 asks the user to encrypt a challenge word with the same pattern used to encrypt their password. The server then uses the same pattern to decrypt the challenge word and compares it to the original challenge word. If they match, the user is authenticated. This concept was always flawed, as it is easily compromised.

“Today, it’s simple for attackers to intercept the challenge word coming from the server, and the encrypted word coming from the client, do some brute force calculations and suddenly they have access to the server,” said James McMurry, CEO of Milton Security. “It’s shocking that more than 1 in 5 organizations are still using NTLMv1, which has been highly vulnerable to attack for over a decade. In today’s world of cloud and remote work, organizations that continue to use older technology and protocols are highly susceptible to network attacks.”

In addition to the 23% of organizations still using NTLMv1, the survey also revealed that 18% of companies allow RDP (Remote Desktop Protocol) access without 2-Factor or Multi-Factor Authentication. The lack of additional authentication protocols further compounds the insecurities of the network and does not allow for any means of catching an attack in progress.

Milton Security has implemented a standard, automated survey of security essentials. When you come onboard as a Milton client, we implement this survey and provide recommendations and guidance for opportunities to improve your network security. This is also reviewed on an ongoing daily activity as new vectors present themselves.

Milton Security is offering a 15-day Proof of Value (POV) proposition complete with Milton Argos Platform 2.0 services for those organizations who do not have the time or resources to evaluate or make the necessary changes to their systems to ensure NTLMv1 is being refused and NTLMv2 or KERBEROS are the only options being used.

 

About Milton Security

Milton Security operates a 24*7*365 unique Extended Detection & Response/Managed Detection & Response (MxDR) service that provides Threat Hunting As A Service using customers' existing security infrastructure. For 14 years, Milton’s team of Threat Hunters have stopped thousands of threats and assisted organizations in protecting themselves around the clock. Milton focuses on the best combination of AI, ML, and Human Correlation, to scout for threats, assist with incident response activities and protect hundreds of customers around the clock.

 

It’s Milton Security. Obviously, We Protect Your Brand.

www.miltonsecurity.com | +1.888.674.9001 | info@miltonsecurity.com

Milton Security, Inc.®, is a Service-Disabled Veteran-Owned Small Business started in 2007.

 

Media Contact
Lydia Coulter
Marketing
pr@miltonsecurity.com
714.515.4011