TECH TALK
10 steps to stop lateral movement in data breaches
As highlighted in the 2017 Verizon Data Breach Investigations Report (DBIR), 75% of attacks come from outside the organisation and a whopping 81% of hacking-related breaches leveraged stolen and/or weak passwords. While the specific tactics vary, the stages of an outsider attack are similar and usually follow four steps, says Brad Hibbert, Lead Solutions Strategist at BeyondTrust.
First, the attackers penetrate the perimeter. More often than not they do so with a drive-by download or a phishing attack that compromises a user's system and establishes a foothold inside the network, all the while flying 'under the radar' of many traditional security defences.
Next, they establish a connection. Unless the payload is ransomware or otherwise self-contained malware, the attacker quickly connects back to a command and control (C&C) server to download toolkits and additional payloads and to receive further instructions.
According to the Verizon report, social attacks were used in 43% of all breaches in this year's dataset. Almost all phishing attacks that led to a breach were followed by some form of malware, and 28% of phishing breaches were targeted.

Once inside the network, attackers begin to learn it: the layout, the assets, where the data lives. They move laterally to other systems, looking for opportunities to collect additional credentials and escalate privileges, or simply use the privileges they have already compromised to access systems, applications and data.

Lastly, the attacker collects, packages and eventually exfiltrates the data.
How to stop lateral movement
While the Data Breach Investigations Report and nearly every security vendor
www.intelligentcio.com