
Understanding Password Relay Attacks: Protecting Your Business from Credential Exploits

Passwords remain one of the most common ways to access systems, but they’re also one of the most targeted by cybercriminals. At Commercial Networks, we regularly see attacks where weak or intercepted passwords become the entry point for hackers. One of the fastest-growing examples of this is the password relay attack, which exploits authentication protocols to gain unauthorised access.

What Is a Password Relay Attack?

A password relay attack is a cyberattack where criminals intercept authentication credentials, such as usernames and passwords, and immediately “relay” them to another system or service to impersonate a legitimate user.

Unlike brute force attacks, which attempt to guess passwords, relay attacks often exploit weaknesses in protocols such as NTLM or Kerberos. These are still widely used in enterprise environments, especially where systems are older or misconfigured.

The result? Attackers can slip past security checks and pose as real employees, often without raising alarms.

How Password Relay Attacks Work

Here’s how criminals typically carry out a relay attack:

  1. Intercept Authentication Requests – The attacker positions themselves between the user and system, often via a man-in-the-middle (MITM) attack.
  2. Capture Credentials – Instead of decrypting, they reuse the intercepted “hash” to authenticate elsewhere.
  3. Gain Access – By presenting the credentials to another service, they are logged in as the victim.
  4. Maintain Persistence – Skilled attackers create backdoors or escalate privileges for long-term access.

This is one reason why password relay attacks are so dangerous: no password needs to be cracked at all.

Why Password Relay Attacks Matter

The impact of a successful relay attack can be devastating for businesses:

  • Data breaches – exposing client records, financial data, or intellectual property.
  • Ransomware deployment – attackers gain control of key systems and encrypt files.
  • Reputation damage – customer trust evaporates after a breach.
  • Regulatory fines – under GDPR and other frameworks, weak authentication is a compliance risk.

Defending Against Password Relay Attacks

So, what can organisations do to defend against this growing threat?

1. Use Multi-Factor Authentication (MFA)
Even if a password is intercepted, MFA ensures attackers can’t log in without a second factor.

2. Update Authentication Protocols
Where possible, replace NTLM with more secure alternatives such as Kerberos. Microsoft has published guidance on Kerberos authentication that businesses should follow.

3. Enable SMB Signing
On Windows networks, enable Server Message Block (SMB) signing to prevent relay attacks targeting SMB traffic.

4. Segment Your Network
Dividing your network into zones makes it harder for attackers to move laterally if they gain access.

5. Keep Systems Patched
Outdated protocols and unpatched systems remain the easiest way for attackers to succeed.

6. Deploy Credential Guard
For Windows environments, Microsoft’s Credential Guard isolates authentication data, reducing the risk of theft.

7. Train Your Staff
Many relay attacks begin with phishing or social engineering. Ongoing employee training is essential, and increasingly required by cyber insurance providers.
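
To see where a Windows host stands on steps 2, 3 and 6 above, the following read-only audit is an added example, not Commercial Networks' own tooling. The function name Get-RelayHardeningStatus and the pass thresholds are choices made for this example; the cmdlets, registry value and WMI class are standard Windows ones.

```powershell
# Added example: read-only audit of relay-related settings on the local host.
# Run from an elevated PowerShell session on Windows.
function Get-RelayHardeningStatus {
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration

    # LmCompatibilityLevel 5 = send NTLMv2 only and refuse LM/NTLMv1.
    # The value is absent when the OS default applies, so $null means "not set".
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $lmLevel = $lsa.LmCompatibilityLevel

    # SecurityServicesRunning contains 1 when Credential Guard is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $credGuard = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

    @(
        [pscustomobject]@{
            Check = 'SMB server requires signing'
            Value = $server.RequireSecuritySignature
            Pass  = [bool]$server.RequireSecuritySignature
        }
        [pscustomobject]@{
            Check = 'SMB client requires signing'
            Value = $client.RequireSecuritySignature
            Pass  = [bool]$client.RequireSecuritySignature
        }
        [pscustomobject]@{
            Check = 'LM/NTLMv1 refused (LmCompatibilityLevel = 5)'
            Value = if ($null -eq $lmLevel) { 'not set' } else { $lmLevel }
            Pass  = ($null -ne $lmLevel -and $lmLevel -ge 5)
        }
        [pscustomobject]@{
            Check = 'Credential Guard running'
            Value = $credGuard
            Pass  = $credGuard
        }
    )
}

Get-RelayHardeningStatus | Format-Table -AutoSize

# To require signing after testing with legacy clients (changes configuration):
#   Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
#   Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
```

A failed row shows which of the three controls still needs attention on that machine; in a domain these settings are normally enforced through Group Policy rather than set host by host.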

Why Password Relay Attacks Are Rising

With more remote working and the persistence of legacy systems, attackers are finding new opportunities to exploit weak authentication. In fact, the UK National Cyber Security Centre (NCSC) has repeatedly warned about credential theft as one of the top cyber threats facing organisations.

Businesses that fail to modernise their identity and access management processes leave themselves wide open to compromise.

Final Thoughts

Password relay attacks show how even “secure” passwords can be used against you. By adopting multi-factor authentication, stronger authentication protocols, and proactive network security, businesses can close off one of the most common entry points for cybercriminals.

At Commercial Networks, we help organisations protect themselves from credential-based attacks with solutions like conditional access, MFA, and proactive monitoring.

👉 Talk to us today about our Shield package and let’s strengthen your cybersecurity together. Call 0333 444 3455 or email sales@cnltd.co.uk.

© 2026 Commercial Networks LTD