Anatomy of an Attack

The threat of malicious activity is increasing by the day. A recent study estimates that by 2021 cybercrimes will cost upwards of $6 trillion per year, up nearly 100% from a similar study performed in 2015. Company downtime, data loss, lost productivity, business disruption, and reputational damage are only a few of the areas impacted by a cyber incident. Not taking the necessary steps to properly secure your network can mean the difference between profitability and closing the doors. The following depicts what will happen if a company doesn’t take the correct steps to protect its network.

Breaking Down an Attack

Payload Download

With the click of a mouse, anything can be downloaded from the Internet. For example, a malicious script in an Excel macro could be downloaded that allows an attacker to infiltrate a workstation.

Installs to Machine

Once the user has clicked to download the malicious payload, installation on the machine takes only seconds, and some of these attacks run without any user intervention at all.

Command & Control To "Bad Guys"

Once the payload is installed, in most cases the end user never detects anything out of the ordinary. The attacker has essentially established a “shell” with the ability to execute commands remotely, without user knowledge.

Gain Persistence

Once an attacker has obtained Command & Control of a system, the next step is to survive a reboot, so that when the machine comes back online it effectively reports its availability back to the attacker.

Lateral Movements

From an attacker’s perspective, compromising one machine is good, but 15 machines are better. If the breach is detected on the original machine, the attacker has already moved on and gained the same persistence across numerous other machines, increasing the likelihood of furthering the attack.

Privilege Escalation

Once an attacker has furthered their reach into a network, they will look to gain administrative rights to both the infected machine as well as the entire network.

Network Recon

When the attacker has escalated to an administrator level, they will begin to search for the treasure trove of information that they can use for financial gain: Personally Identifiable Information (PII) such as Social Security Numbers, Credit Card Numbers, Driver’s License Numbers, Geographic Identifiers, and more. This information is worth millions on the Internet, and if lost it can seriously damage your organization’s reputation with your customers and have a severe financial impact.

Data Theft

Now that the attacker has identified where the PII is located and has been watching what normal activity looks like in the network, they will begin the exfiltration of data. In most cases, this will be done “off-hours” when no one is around to monitor network activity.
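The off-hours pattern described above is exactly what a defender can look for in outbound flow records. The following is an added example, not code from the original page: it parses a few constructed flow-log lines (timestamp, source host, destination IP, bytes sent) and flags any host that sends more than a chosen threshold to one destination outside business hours on a given day. The log format, the 08:00-17:59 business window and the 500 MiB threshold are assumptions for the illustration.

```python
"""Flag off-hours bulk outbound transfers in constructed flow-log lines."""
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not from the original page):
# ISO timestamp, source host, destination IP, bytes sent outbound.
SAMPLE_LOGS = """\
2024-03-12T14:05:10 ws-042 203.0.113.7 120000
2024-03-12T02:15:31 ws-042 203.0.113.7 850000000
2024-03-12T02:40:02 ws-042 203.0.113.7 640000000
2024-03-12T10:12:45 ws-017 198.51.100.3 30000000
2024-03-13T23:30:00 ws-017 198.51.100.3 900000000
"""

BUSINESS_HOURS = range(8, 18)          # 08:00-17:59 local time (assumption)
THRESHOLD_BYTES = 500 * 1024 * 1024    # 500 MiB per host/destination/day (assumption)


def parse_flow_logs(text):
    """Turn the whitespace-separated log lines into (timestamp, host, dst, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), host, dst, int(nbytes)))
    return records


def off_hours_outbound(records, business_hours=BUSINESS_HOURS, threshold=THRESHOLD_BYTES):
    """Sum outbound bytes per (day, host, destination) outside business hours or on
    weekends, and return the combinations that exceed the threshold."""
    totals = defaultdict(int)
    for ts, host, dst, nbytes in records:
        if ts.hour not in business_hours or ts.weekday() >= 5:
            totals[(ts.date().isoformat(), host, dst)] += nbytes
    return [(day, host, dst, total)
            for (day, host, dst), total in sorted(totals.items())
            if total >= threshold]


if __name__ == "__main__":
    for day, host, dst, total in off_hours_outbound(parse_flow_logs(SAMPLE_LOGS)):
        print(f"ALERT {day}: {host} sent {total} bytes to {dst} outside business hours")
```

Daytime traffic from the same hosts is ignored, so the two alerts come only from the 02:00 and 23:30 transfers in the sample.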

Go Quiet & Watch

Now that the attacker has stolen the desired data, they will simply watch for changes to the data, always looking for more to steal. This step in the attack can continue over the course of months.