How Enterprises Can Break the Cyber-Attack Lifecycle

by Chris Preimesberger

Cybercrime is an estimated $1 trillion industry. Every organization with digital assets is vulnerable to attack, and the growing sophistication of cyber-criminals and their evolving tactics only increase the chance of a security breach involving the theft of sensitive data. Effective cyber-defense must withstand changes to adversaries’ tactics and tools that traditional, nonintegrated best-of-breed legacy approaches cannot address.

The Cyber Attack Lifecycle is a sequence of events that an attacker goes through to successfully infiltrate a network and exfiltrate data from it. The good news is that blocking just one stage in this lifecycle can be all that is needed to protect a company’s network and data from attack. That’s why it’s important to keep a prevention-based approach in mind and not operate as though detection is your best defense. SUMM: Focus on prevention above detection.

Just like burglars and thieves, most attackers carefully plan their attacks. They research, identify and select targets, often using phishing tactics or extracting public information from an employee’s LinkedIn profile or corporate Websites. These criminals also scan for network vulnerabilities and services or applications they can exploit.

Next, the attackers determine which methods to use. They may choose to embed intruder code within seemingly innocuous files like a PDF, Word document or email message. Or, for highly targeted attacks, attackers may craft deliverables to catch specific interests of an individual.

Once attackers gain access inside an organization, they can activate attack code on the victim’s host and ultimately take control of the target machine.

Attackers will seek to establish privileged operations, root kit, escalate privileges and establish persistence to gain a foothold.

Attackers establish a command channel back through the Internet to a specific server so they can communicate and pass data back and forth between infected devices and their server. This may allow attackers to track keystrokes, access and control a Webcam or transmit important access information back to the attacker for further penetration efforts.

Attackers may have many different motivations for attack, and it’s not always for profit. Their reasons could be data exfiltration, destruction of critical infrastructure, defacement of Web property or to create fear/extortion.

Enterprises need a prevention-based approach, one that is automated and allows them to remain agile in the face of advanced attacks plus provides a unique ability to defend against cyber-criminals. Companies should look for a solution that protects every part of the global enterprise network, addressing vulnerabilities and malware arriving at the endpoint, mobile device, network perimeter and within the data center. This provides new defense and resilience to prevent attackers at every stage of the Cyber-Attack Lifecycle.