"Removing the Blind Spots That Allow Lateral Movement"

Almost every lateral movement action relies on compromised credentials. According to Expert Insights, credential compromise was responsible for more than 60 percent of all cyberattacks in 2021. Threat actors harvest credentials from the machines they compromise or buy them in advance on the dark web. They typically go after admin credentials because those accounts carry higher privileges, giving the attacker access to high-value network systems. Lateral movement is iterative: the same tactic is repeated on machine after machine until the attacker reaches the intended target, such as a domain controller or a server holding sensitive data. Because of this progressive nature, a minor security incident can be turned into a major breach.

One of the hardest aspects of lateral movement detection is the low anomaly factor. Lateral movement abuses the organization's own user authentication process: the authentication performed by the attacker is essentially identical to that performed by a legitimate user, so these attacks frequently go undetected. After the initial "patient zero" compromise, the attacker logs in to organizational systems and applications with valid credentials. Legacy Identity and Access Management (IAM) infrastructure sees nothing anomalous in a successful logon by a known account, which allows attackers to slip through and remain undetected in the network.

A second significant issue is the misalignment between endpoint protection and identity protection. Endpoint security solutions are primarily concerned with detecting anomalies in file and process execution. The attacker, however, gains access by exploiting the legitimate authentication infrastructure and using legitimate files and processes, so the activity is not on the endpoint solution's radar. Even after the initial compromise, attackers move through the network using processes that are identical to legitimate user processes. The article goes on to discuss the challenges of detecting lateral movement attacks and suggested strategies for preventing them.
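The "low anomaly factor" described above is easiest to see against concrete events. The following is an added example, not code from the article or from Help Net Security: it runs a per-event check (every logon is by a known account, so every event passes, which is the blind spot) and then a behavioral check that correlates network logons per account over a sliding time window and flags an account fanning out to an unusual number of hosts. The log lines are constructed for the example and mimic Windows 4624 logon events; the field names, the five-minute window and the three-host threshold are assumptions chosen for illustration, not values from the article.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs). Each line mimics a
# Windows 4624 successful-logon event: timestamp, target host, account,
# logon type (2 = interactive, 3 = network) and source IP. The assumed scenario:
# CORP\jsmith is compromised on WS-07 and fans out to five hosts within 20 seconds,
# while CORP\alee performs two ordinary network logons 85 minutes apart.
SAMPLE_LOGS = """\
2024-03-04T09:58:02Z host=WS-07 event=4624 user=CORP\\jsmith logon_type=2 src=10.0.5.21
2024-03-04T10:01:12Z host=FS-01 event=4624 user=CORP\\jsmith logon_type=3 src=10.0.5.21
2024-03-04T10:01:15Z host=FS-02 event=4624 user=CORP\\jsmith logon_type=3 src=10.0.5.21
2024-03-04T10:01:19Z host=WS-12 event=4624 user=CORP\\jsmith logon_type=3 src=10.0.5.21
2024-03-04T10:01:24Z host=WS-15 event=4624 user=CORP\\jsmith logon_type=3 src=10.0.5.21
2024-03-04T10:01:31Z host=DC-01 event=4624 user=CORP\\jsmith logon_type=3 src=10.0.5.21
2024-03-04T10:05:00Z host=FS-01 event=4624 user=CORP\\alee logon_type=3 src=10.0.7.44
2024-03-04T11:30:00Z host=WS-03 event=4624 user=CORP\\alee logon_type=3 src=10.0.7.44
"""

# Assumed list of valid accounts, standing in for the IAM directory.
VALID_ACCOUNTS = {"CORP\\jsmith", "CORP\\alee"}


def parse_events(text):
    """Parse the key=value log format above into a list of dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *kvs = line.split()
        rec = dict(kv.split("=", 1) for kv in kvs)
        rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def is_valid_logon(event, valid_accounts):
    """The per-event view a legacy IAM control effectively has: a successful
    logon by a known account is, on its own, indistinguishable from legitimate use."""
    return event["event"] == "4624" and event["user"] in valid_accounts


def fanout_alerts(events, window=timedelta(minutes=5), max_hosts=3):
    """Behavioral check: flag any account whose network logons (type 3) reach more
    than max_hosts distinct hosts inside a sliding window. Returns {user: sorted hosts}
    where the host list is the union of every window that exceeded the threshold."""
    by_user = defaultdict(list)
    for e in events:
        if e["logon_type"] == "3":
            by_user[e["user"]].append(e)

    flagged = defaultdict(set)
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the oldest event fits in the window.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {e["host"] for e in evs[start:end + 1]}
            if len(hosts) > max_hosts:
                flagged[user].update(hosts)
    return {user: sorted(hosts) for user, hosts in flagged.items()}


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOGS)
    # Every event passes the per-event check: valid credentials look valid.
    print("per-event check passes for all events:",
          all(is_valid_logon(e, VALID_ACCOUNTS) for e in events))
    # Only the correlated view surfaces the fan-out.
    for user, hosts in fanout_alerts(events).items():
        print(f"ALERT {user}: network logons to {len(hosts)} hosts in window: {hosts}")
```

The point of the two functions side by side is that the same event stream is clean under a per-logon check and suspicious under a per-account, time-windowed one; in practice the threshold would be derived from each account's own baseline rather than a fixed number, and interactive (type 2) logons are excluded so that a user's own workstation session does not count toward the fan-out.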

Help Net Security reports "Removing the Blind Spots That Allow Lateral Movement"

Submitted by Anonymous on