Attackers fool humans into clicking on URLs leading to malware downloads, or with embedded or attached malware in emails.
Then, once the payload has been installed on the victim's computer, the next step is to spread and to get control of as many machines as possible on the same and neighbouring networks, with the eventual goal of command and control.
When unimpeded, these attacks now take 5-10 minutes.
From here they lie low for months. Then the shit really hits the fan when they take the domain controller infrastructure through a GOLDEN TICKET using KERBEROASTING attacks. Then Kansas is going bye bye. You better pray your competent IT leadership has taken steps to make the IDENTIFY, DETECT, PROTECT, RESPOND, RECOVER dimensions (NIST framework) a reality across the technologies your company relies on.
MITRE defines a generic framework for hacking attacks:
- INITIAL ACCESS
- EXECUTION
- PERSISTENCE
- PRIVILEGE ESCALATION
- DEFENSE EVASION
- CREDENTIAL ACCESS
- DISCOVERY
- LATERAL MOVEMENT
- COLLECTION
- COMMAND AND CONTROL
- EXFILTRATION
- IMPACT
From here I recommend you read the MITRE ATT&CK framework, great reading!
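The comment above puts Kerberoasting on the path to the domain controllers and asks whether DETECT is "a reality". One concrete detection a defender can run is a check over Windows Security event 4769 (Kerberos service ticket requested): a single account requesting RC4-HMAC (encryption type 0x17) service tickets for many different service accounts in a short window is the classic Kerberoasting signature. The script below is an added example, not code from the original post; the events are constructed and reduced to four fields (timestamp, requesting account, service name, encryption type), and the 5-minute window and threshold of 4 distinct services are illustrative assumptions to tune per environment.

```python
"""Kerberoasting indicator: burst of RC4 (0x17) service-ticket requests
(Windows Security event 4769) for many distinct services from one account.
Added example; sample events are constructed, not real log data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of 4769 events, simplified to the fields that matter:
# (TimeCreated, TargetUserName, ServiceName, TicketEncryptionType)
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:01", "CORP\\alice", "krbtgt", "0x12"),         # AES256: normal
    ("2024-03-01T09:00:05", "CORP\\alice", "fileserver01$", "0x12"),  # AES256: normal
    ("2024-03-01T09:15:00", "CORP\\bob", "svc_sql", "0x17"),
    ("2024-03-01T09:15:01", "CORP\\bob", "svc_backup", "0x17"),
    ("2024-03-01T09:15:02", "CORP\\bob", "svc_web", "0x17"),
    ("2024-03-01T09:15:03", "CORP\\bob", "svc_legacyapp", "0x17"),
    ("2024-03-01T09:15:04", "CORP\\bob", "svc_monitor", "0x17"),
    # One RC4 ticket for a legacy service is ordinary noise, not a burst.
    ("2024-03-01T10:30:00", "CORP\\carol", "svc_legacyapp", "0x17"),
]

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC in event 4769


def find_kerberoast_bursts(events, window=timedelta(minutes=5), threshold=4):
    """Return {account: sorted list of services} for every account that
    requested RC4-encrypted service tickets for at least `threshold`
    distinct services within any `window`-long span of time.

    Only the distinct-service count matters: repeated tickets for the
    same SPN (e.g. an app reconnecting) do not inflate the count."""
    by_account = defaultdict(list)
    for ts, account, service, enc in events:
        if enc == RC4_HMAC:
            by_account[account].append((datetime.fromisoformat(ts), service))

    hits = {}
    for account, reqs in by_account.items():
        reqs.sort()  # chronological; sliding window starts at each request
        for i, (start, _) in enumerate(reqs):
            in_window = {svc for t, svc in reqs[i:] if t - start <= window}
            if len(in_window) >= threshold:
                hits[account] = sorted(in_window)
                break
    return hits


if __name__ == "__main__":
    for account, services in find_kerberoast_bursts(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting by {account}: {', '.join(services)}")
```

In a real deployment the same logic sits in the SIEM over the live 4769 stream; the practical caveats are that accounts configured with "This account supports Kerberos AES encryption" will not produce 0x17 tickets at all (so the assumption that AES-only is the baseline must hold), and that legitimate scanners or legacy applications can generate RC4 bursts, which is why the threshold and an allow-list belong in tuning rather than in the rule itself.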
It is done in every possible way. The dumbest form your defenses will allow in is what you get. Yes, it can absolutely be done via downloads, because they perform an impersonation attack on you, or use a supplier as an attack vector, and by impersonating a trusted user they get you to open a file or similar.
Better fine-tune your email security, because humans are a hard problem. Loads of awareness, phishing drills and information security training are needed.
https://attack.mitre.org/
https://www.youtube.com/watch?v=bkfwMADar0M
https://www.youtube.com/watch?v=b6GUXerE9Ac
https://www.youtube.com/watch?v=_SsUeWYoO1Y
Real talk!