Cyber threat actors are individuals or groups that use cyberattacks to achieve their goals. These goals can vary greatly, and cyber threat actors can have very different levels of technical capabilities and resources. For example, script kiddies rely on pre-existing tools to perform attacks, while advanced persistent threats (APTs) are highly sophisticated hacking groups often backed by governments or organized crime.
What happens during a cyberattack? All cyberattacks are unique because the details depend on the attacker’s capabilities and goals and the details of the target organization. However, most cyberattacks involve four main steps.
Step 1: Gaining Access
Before a cyber threat actor poses a threat to an organization, they need to have access to the target organization’s systems. This initial access can be achieved in a variety of different ways.
One of the most common access methods is phishing attacks. If an employee clicks on a malicious link or opens an attachment, then the attacker can steal their login credentials or infect their computer with malware. The threat of phishing is why Hyper Vigilance includes email protection as part of its cybersecurity services.
Another common access vector is via unpatched vulnerabilities. Exploitable vulnerabilities, like the recent Microsoft Exchange vulnerabilities, can allow an attacker to access sensitive data or infect computers with malware if they remain unpatched. In the case of the Exchange hacks, failures to promptly apply patches led to widespread attacks, which could have been prevented with Hyper Vigilance’s patch management services.
Step 2: Escalating Privileges
Once inside an organization, the attacker must be able to move around the organization to find the information or data they are looking for. Privilege escalation is the most common way this is done.
Privilege escalation can occur in two ways: horizontal escalation or vertical escalation. Horizontal escalation is when an attacker takes over one user’s account and uses the access and privileges that account has to reach other accounts and their resources at the same privilege level. Vertical escalation is when an attacker gains more privileges in the account they already have access to.
With this new access, attackers are able to navigate sensitive or confidential information with ease.
Step 3: Lateral Movement
Cyber threat actors rarely gain immediate access to high-value targets within an organization’s network, such as database servers. Often, these attackers need to move laterally from easily compromised devices—such as employee workstations—to their actual targets.
At this stage of their attack, cyber threat actors are vulnerable to detection and remediation. If an organization has round-the-clock network monitoring (a core component of Hyper Vigilance’s managed security services) in place, it may be able to detect and block the attackers before they achieve their objectives. A lack of monitoring can lead to incidents like the Equifax hack, where cybercriminals had access to the organization’s environment for months without detection.
Step 4: Achieving Objectives
Once they reach their target, cyber threat actors can start working on achieving their ultimate goal, which could mean stealing data, infecting networks with malware, or locking down systems or functions of a company and demanding a ransom from the company in order to restore access.
An attacker’s ability to achieve their objectives depends on their level of access to the target system and the endpoint defenses that the organization has in place. Properly provisioning servers and user accounts and appropriately managing IT resources is essential to minimizing the probability and impact of cyberattacks.
What can I do to prepare for or prevent a cybersecurity incident?
Protecting against cyberattacks requires a clear understanding of an organization’s cybersecurity risks and ways in which it can mitigate and manage them. For those looking to evaluate and improve their existing cybersecurity program or build a new one, Hyper Vigilance can help. Contact us for a free consultation to see how we can help with protecting your organization against cyber threats.