Intelligent CISO Issue 37 | Page 34

As this issue becomes more severe, CISOs are increasingly beginning to take note.
PREDICTIVE INTELLIGENCE

intercepting their queries for data and redirecting them into decoys as they attempt to move laterally.
The lessons of lateral movement
Unfortunately, many enterprise-level production environments remain vulnerable to lateral movement, which poses a challenge to CISOs. When they're assessing their enterprise security solution stack, CISOs should make sure they can efficiently detect activities like discovery, privilege escalation and lateral movement. Otherwise, they're leaving their organisation vulnerable to longer attacker dwell time, subsequently amplifying the magnitude of the compromise.
It's incumbent upon security staff to protect their employers by responding quickly to the latest threats and disrupting a threat actor's attack paths. It also isn't enough to simply install lateral movement detection systems. Ideally, governments and regulators should put pressure on organisations to establish lateral movement and credential identity entitlement protections and better threat intelligence sharing. These defences are increasingly necessary and should be a de facto part of security architecture.
Lateral movement and privilege escalation in the news
Lateral movement is not a niche issue: it is present in roughly 60% of attacks, and over 80% of attacks used privileged access. In the SolarWinds attack, threat actors kept their malware footprint very low as they quietly stole through networks, using credentials to perform lateral movement and establish legitimate remote access.
If more efficient security controls to detect lateral movement and privilege escalation had been in place, the attackers would not have had as much time to conduct their attack and the SolarWinds breach might have been less widespread and damaging.
Lateral movement has shown up in many other high-profile incidents, including the NotPetya attacks of 2017, in which a piece of malware spread itself to a wide range of remote systems on the network. Lateral tool transfer also occurred during the 2017 WannaCry outbreak. A ransomware cryptoworm attempted to copy itself to remote computers using a vulnerability in the implementation of Server Message Block (SMB) in Windows