by denton-scratch 1407 days ago
> When an attacker gains a foothold in a corporate environment, they will immediately try to find any accessible credentials to assist in lateral movement.

/me not a security expert. But isn't this the mistake I used to make for years: to believe that the hacker is a human, responding to his environment and making decisions? It took me a long time to acknowledge that nearly all network attacks are automated, and unless it's a highly targeted attack, the attack script won't care whether you're a corporation or a couch-potato in a basement.

3 comments

The big news headlines like WannaCry were fully automated. But one-trick ponies. If you had patched you were fine. What made it a problem was that so many hadn't.

But the sinister targeted ones where you only find out because someone is selling terabytes of confidential data, those are usually highly targeted and manual. It's very hard to automate and stay under the radar.

You need protection against both.

> But the sinister targeted ones where you only find out because someone is selling terabytes of confidential data, those are usually highly targeted and manual.

It doesn't surprise me that "sinister targeted" attacks are also "usually highly targeted".

Lol yeah not my best writing. Agreed

One thing I think isn't widely appreciated is that insecurity is a highly developed market.

People still have this idea of the lone hooded hacker doing everything from their bedroom.

In reality, people specialise in different aspects of cracking security and sell what they have to someone else. So someone is in the market for a zero day, or a compromised system in the government or a company, and they can just buy that.

For home users, the payoff isn't big enough to be worth more than automated type attacks. So you escape the human in the loop mostly.

It can either be a human directing it once a foothold is established, or an automated attack. Initial compromise may be automated but lateral movement is harder to automate.

If you work on highly sensitive systems then you should expect a human in the loop at some point.

> If you work on highly sensitive systems

I don't; I'm retired. I have only my home network to fret about. I don't have data to lose, but I don't want some rotter using my network to attack other networks. That rotter isn't going to set up automation to grab my family photos; but he'll use automation to attack other networks.

I've never worked with "highly sensitive systems", as far as I'm aware. I've only ever worked with systems that had the potential to wreck the company. I don't know if that counts, in your book.

Potential to wreck the company counts pretty high in my book!

My own home security is merely adequate. I turn off things like UPnP on the router. Disks and backups are encrypted. I don't worry overly much about it. If someone actually targets me it's probably game over, but it's ok against random script kiddies or someone stealing my computers.