One Article Review

Home - The article:
Source ProofPoint
Identifier 8447284
Publication date 2024-02-06 05:00:20 (viewed: 2024-02-06 14:08:01)
Title How Do Cybercriminals Escalate Privilege and Move Laterally?
Text If you want to understand how cybercriminals cause business-impacting security breaches, the attack chain is a great place to start. The eight steps of this chain generalize how a breach progresses from start to finish. The most impactful breaches typically follow this pattern:

[Figure: Steps in the attack chain.]

In this blog post, we will simplify the eight steps of an attack into three stages: the beginning, the middle and the end. Our focus here will primarily be on the middle stage (information gathering, privilege escalation and lateral movement), which is often the most challenging part of the attack chain to see and understand.

The middle steps are often unfamiliar territory, except for the most highly specialized security practitioners. This lack of familiarity has contributed to significant underinvestment in the security controls required to address attacks at this stage.

But before we delve into our discussion of the middle, let's address the easiest stages to understand: the beginning and the end.

The beginning of the attack chain

A cyberattack has to start somewhere. At this stage, a cybercriminal gains an initial foothold into a target's IT environment. How do they do this? Mainly through phishing. A variety of tactics are used here, including:

- Stealing a valid user's login credentials
- Luring a user into installing malicious software, such as Remote Access Trojans (RATs)
- Calling the company's help desk to socially engineer the help desk into granting the attacker control over a user's account

Much ink has been spilled about these initial compromise techniques. This is why, in part, the level of awareness and understanding of this first stage by security and non-security people is so high. It is fair to say that most people (IT, security and everyday users) have personally experienced attempts at initial compromise. Who hasn't received a phishing email?

A great deal of investment goes into security tools and user training to stop the initial compromise. Think of all the security technologies that exist for that purpose. The list is very long.

The end of the attack chain

Similarly, the level of awareness and understanding is also very high around what happens at the end of the attack chain. As a result, many security controls and best practices have also been focused here.

Everyone (IT, security and even everyday users) understands the negative impacts of data exfiltration or business systems getting encrypted by ransomware attackers. Stories of stolen data and ransomed systems are in the news almost daily.

Now, what about the middle?

The middle is where an attacker attempts to move from the initially compromised account(s) or system(s) to more critical business systems, where the data that's worth exfiltrating or ransoming is stored.

To most people, other than red teamers, pen testers and cybercriminals, the middle of the attack chain is abstract and unfamiliar. After all, regular users don't attempt to escalate their privileges and move laterally on their enterprise network!

These three stages make up the middle of the attack chain:

- Information gathering. This includes network scanning and enumeration.
- Privilege escalation. During this step, attackers go after identities that have successively higher IT system privileges. Or they escalate the privilege of the account that they currently control.
- Lateral movement. Here, they hop from one host to another on the way to the "crown jewel" IT systems.

[Figure: Steps in the middle of the attack chain.]

Relatively few IT or security folks have experience with or a deep understanding of the middle of the attack chain. There are several good reasons for this:

- Most security professionals are neither red teamers, pen testers, nor cybercriminals.
- The middle stages are "quiet," unlike initial compromise-focused phishing attacks or successful ransomware attacks, which are very "loud" by comparison.
- Unlike the front and back end of the attack chain, there has been little coverage about how these steps
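As an added illustration (not part of the Proofpoint post), the following Python flags the two "quiet" middle-stage behaviours the article names, run over constructed log lines: a host touching many distinct host:port pairs (scanning and enumeration during information gathering) and an account logging on to several hosts within a short window (lateral movement). Host names, accounts, ports and thresholds are all made up for the example.

```python
from collections import defaultdict
# Constructed sample log lines (not from any real system). Fields: minutes since
# midnight, event kind, source host, account, destination host, destination port.
SAMPLE_LOG = """\
600 conn ws-17 - fs-01 445
601 conn ws-17 - fs-01 3389
602 conn ws-17 - db-02 1433
602 conn ws-17 - db-02 3389
603 conn ws-17 - dc-01 88
603 conn ws-17 - dc-01 389
610 logon ws-17 jdoe fs-01 445
612 logon ws-17 jdoe db-02 3389
615 logon ws-17 jdoe dc-01 445
700 logon ws-03 asmith fs-01 445
"""

def parse_log(text):
    """Turn the whitespace-delimited sample lines into event dicts."""
    events = []
    for line in text.splitlines():
        if line.strip():
            t, kind, src, user, dst, port = line.split()
            events.append({"t": int(t), "kind": kind, "src": src,
                           "user": user, "dst": dst, "port": int(port)})
    return events

def detect_enumeration(events, threshold=5):
    """Source hosts that touched >= threshold distinct host:port pairs (scanning)."""
    targets = defaultdict(set)
    for e in events:
        if e["kind"] == "conn":
            targets[e["src"]].add((e["dst"], e["port"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}

def detect_lateral_movement(events, min_hosts=3, window=30):
    """Accounts that logged on to >= min_hosts distinct hosts within `window` minutes."""
    logons = defaultdict(list)
    for e in events:
        if e["kind"] == "logon":
            logons[e["user"]].append((e["t"], e["dst"]))
    flagged = {}
    for user, items in logons.items():
        items.sort()
        for t0, _ in items:  # slide the window from each logon time
            hosts = {h for t, h in items if t0 <= t <= t0 + window}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged
```

Thresholds this low are only for the toy data; in a real environment they would be tuned against a baseline so that backup servers, vulnerability scanners and administrators' jump hosts do not drown the signal.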
Sent Yes
Tags Ransomware Malware Tool Vulnerability Threat
Stories
Rating ★★★
The article does not seem to have been picked up after its publication.


The article does not seem to have been picked up from a previous one.