unixhero|5 years ago
Attackers fool humans into clicking on URLs leading to malware downloads, or with embedded or attached malware in emails.
Then, when the payload has been installed on the victim's computer, the next step is to spread and to get control of as many machines as possible on the same and neighbouring networks, with the eventual goal of command and control.
When unimpeded, these attacks now take 5-10 minutes.
From here they lay low, for months. Then the shit really hits the fan when they take the domain controller infrastructure through a GOLDEN TICKET using KERBEROASTING attacks. Then Kansas is going bye bye. You better pray your competent IT leadership has taken steps to make the IDENTIFY, DETECT, PROTECT, RESPOND, RECOVER dimensions (NIST framework) a reality across the technologies your company relies on.
MITRE defines a generic framework for hacking attacks:
- INITIAL ACCESS
- EXECUTION
- PERSISTENCE
- PRIVILEGE ESCALATION
- DEFENSE EVASION
- CREDENTIAL ACCESS
- DISCOVERY
- LATERAL MOVEMENT
- COLLECTION
- COMMAND AND CONTROL
- EXFILTRATION
- IMPACT
From here I recommend you read the MITRE ATT&CK framework, great reading!
https://attack.mitre.org/
https://www.youtube.com/watch?v=bkfwMADar0M
https://www.youtube.com/watch?v=b6GUXerE9Ac
https://www.youtube.com/watch?v=_SsUeWYoO1Y
Real talk!
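The comment above names Kerberoasting as the credential-access step and DETECT as one of the NIST dimensions. As an added example (not from the commenter or from MITRE), here is a small Python detector for the classic Kerberoasting signature in Windows Security event 4769 (TGS request): one account requesting RC4-HMAC (encryption type 0x17) service tickets for many distinct service accounts within a short window, mapped to ATT&CK technique T1558.003. The event records, the five-minute window and the three-service threshold are constructed assumptions for the example; real 4769 events carry the same fields under names such as TicketEncryptionType and ServiceName.

```python
"""
Toy Kerberoasting detector over Windows Security event 4769 (Kerberos TGS
request) records.  Heuristic: a single account requesting RC4-HMAC (0x17)
service tickets for many distinct non-machine service accounts inside a short
window is the classic Kerberoasting pattern (MITRE ATT&CK T1558.003, tactic
Credential Access).  All records below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"              # 4769 TicketEncryptionType value for RC4-HMAC
WINDOW = timedelta(minutes=5)  # assumed sliding window
SPN_THRESHOLD = 3              # assumed distinct services per window before alerting

# Constructed sample events (simplified 4769 fields; not real logs).
# alice requests an AES (0x12) ticket for a machine account: normal noise.
# bob requests RC4 tickets for four service accounts within seconds: suspect.
# carol requests a single RC4 ticket: below threshold.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:01", "id": 4769, "account": "alice@CORP", "service": "CORP-FS01$", "enc": "0x12"},
    {"time": "2024-01-10T09:00:05", "id": 4769, "account": "bob@CORP", "service": "svc_sql", "enc": "0x17"},
    {"time": "2024-01-10T09:00:06", "id": 4769, "account": "bob@CORP", "service": "svc_web", "enc": "0x17"},
    {"time": "2024-01-10T09:00:07", "id": 4769, "account": "bob@CORP", "service": "svc_backup", "enc": "0x17"},
    {"time": "2024-01-10T09:00:08", "id": 4769, "account": "bob@CORP", "service": "svc_sharepoint", "enc": "0x17"},
    {"time": "2024-01-10T09:30:00", "id": 4624, "account": "bob@CORP", "service": "", "enc": ""},
    {"time": "2024-01-10T11:00:00", "id": 4769, "account": "carol@CORP", "service": "svc_sql", "enc": "0x17"},
]


def detect_kerberoasting(events, window=WINDOW, threshold=SPN_THRESHOLD):
    """Return {account: sorted list of services} for accounts whose RC4 TGS
    requests cover at least `threshold` distinct services inside `window`."""
    by_account = defaultdict(list)
    for ev in events:
        if ev["id"] != 4769 or ev["enc"] != RC4_HMAC:
            continue
        # Machine accounts (trailing $) are excluded: their tickets are routine.
        if ev["service"].endswith("$"):
            continue
        by_account[ev["account"]].append((datetime.fromisoformat(ev["time"]), ev["service"]))

    alerts = {}
    for account, reqs in by_account.items():
        reqs.sort()
        best = set()
        start = 0
        # Sliding window over time-ordered requests; keep the largest set of
        # distinct services seen inside any single window.
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            distinct = {svc for _, svc in reqs[start:end + 1]}
            if len(distinct) > len(best):
                best = distinct
        if len(best) >= threshold:
            alerts[account] = sorted(best)
    return alerts


def to_attack_tactic(alerts):
    """Tag each alert with the ATT&CK tactic and technique it evidences."""
    return {acct: ("Credential Access", "T1558.003") for acct in alerts}


if __name__ == "__main__":
    found = detect_kerberoasting(SAMPLE_EVENTS)
    for acct, services in found.items():
        print(f"ALERT {acct}: RC4 TGS requests for {len(services)} services {services}")
    print(to_attack_tactic(found))
```

Tuning the window and threshold against a baseline of normal 4769 volume is what separates a usable rule from a noisy one; service accounts configured for AES-only tickets also shrink the RC4 population this rule watches.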
mikorym|5 years ago
I would have expected a bit more sophistication, like hidden URLs in emails that autoresolve, at the least. Not my area, though.