Security Awareness Training Blog

    A Majority of Cyberattacks Use Lateral Movement and “Living Off the Land”

    PowerShell

    The latest from Carbon Black’s 2019 Global Threat Report shows cybercriminals are intent to move from endpoint to endpoint and avoid detection using built-in tools.

    If you were a cybercriminal wanting to locate and exfiltrate valuable data from a victim organization, it’s not likely you’ll find much on the initial endpoint you compromise. So, you need to move around from endpoint to endpoint, gathering credentials along the way, building up an inventory of resource endpoints and user accounts at your disposal.

    It’s not just one of many tactics used; according to Carbon Black, with nearly 60% of attacks involving lateral movement, it’s quickly becoming the leading tactic for cybercriminals.

    Now, there are lots of great hacker utilities out there that can help, but those might sound the alarm from AV or endpoint protection solutions. So, what else is there? Plenty.

    Cybercriminals are experts on how to leverage the built-in tools found within the operating system of the compromised endpoint. According to the Carbon Black report, the following tools were used most often:

    • PowerShell was used in 90% of attacks
    • Windows Management Instrumentation (WMI) in nearly 60%
    • Secure Shell in nearly 30%

    The use of these tools helps cybercriminals “lay low”, avoiding detection, facilitating lateral movement within the organization.

    With tools like this at a cybercriminals fingertips, and with time on their side, they can remain undetected for extended periods of time – slowly moving throughout your network.

    With endpoint solutions unable to always spot external attacks, it’s important to leverage the single most effective part of your security strategy: the user. Without them, the cybercriminal is powerless to compromise an endpoint – let alone, move laterally.

    Through new-school  Security Awareness Training, users are educated on how to identify suspicious emails, email content, links and more that can contain malicious code intent on taking control of your endpoints, your users, and – eventually – your data.

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Cybercrime

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews