NTLM relay attacks are common. Organizations should know what they are and how to protect against them.
In a Microsoft Windows™ environment, authentication is often synonymous with Windows New Technology LAN Manager (NTLM). Despite being replaced as the primary authentication protocol by Kerberos in Windows 2000, NTLM remains pervasive even in new environments. NTLM continues to be used because of the need for backward compatibility and because it is still enabled by default in Windows 10 and Windows Server 2019.
NTLM relay attacks use old authentication protocols that make 1980s-type assumptions about trust, granting access in the process. Organizations should learn how these attacks work and then take steps to protect against the many forms they can take.