Why Attackers Bank on Lateral Movement and How to Stop Them
Cyber-attacks are becoming increasingly complex, and once an attacker successfully compromises an endpoint, they love to move laterally through connected networks and devices, often undetected.
And now, with our expanded supply chain via the cloud and SaaS, a breach in one level of your supply chain can have devastating impacts on your operations, regardless of how mature you think your cyber controls may be.
In fact, according to VMware’s “2022 Global Incident Response Threat Report”, a quarter of all attacks used lateral movement. Additionally, one out of every 10 respondents said lateral movement was part of at least half of their engagements, and an earlier VMware report discovered that almost half of all intrusions included lateral movement.
So, what exactly is lateral movement?
After an attacker succeeds in a compromise, they may move laterally across connected systems and devices to gain access to more assets. This enables them to move across multiple components of a network.
According to a report from IBM, in 2022, it took an average of 277 days for organizations to identify a breach and contain it. That’s about 9 months. Just think of how much damage a threat actor could do if left to move through your network for nine months without being noticed and stopped.
So, what can you do to build stronger defenses? Here are five ways you can work against attackers to stop lateral movement:
- User administration and management are critical. Every person who accesses your systems and network should have a user account with login credentials. Adopt a least privilege approach to user management, ensuring your users only have access to what they need to do their jobs.
- Deploy anti-malware. Attackers love to wreak havoc while they move through your systems. Often, they’ll leave ransomware and other goodies behind so that if you discover and stop one movement, they may still have opportunities to deploy more. Use anti-malware to keep an eye on the data coming into and out of your network so you can stop a ransomware attempt before it becomes an infection.
- Use MFA. Threat actors are honing their skills when it comes to phishing and social engineering and they’re getting better at stealing credentials to move through your networks. To help decrease the impact of credential theft, consider employing some type of multifactor authentication (MFA) to make this more challenging. And, most importantly, be sure to routinely train and educate your staff about what MFA is, how it functions, and the do’s and don’ts related to requests and approvals.
- Mandate strong passwords with routine updates. Attackers are great at hacking through weak passwords. That’s why it’s critical to train your employees about password best practices. In addition to that, implement a password management system that requires your users to use strong passwords and routinely change them to decrease the likelihood of compromise.
- Segment your network and routinely back up data. Interconnectivity makes lateral movement possible, so, where you can, employ network segmentation that makes it more difficult for attackers to access your systems and data. In addition to that, conduct routine data backups and consider storing those backups in different locations so that if you’re a victim of an attack, you can more quickly respond, recover, and resume operations as normal.
Follow along in our 12 Days of Cybersecurity on our LinkedIn. Learn more about how Apptega can simplify day-to-day cybersecurity and compliance management and schedule a custom tour of the Apptega platform.
*** This is a Security Bloggers Network syndicated blog from Apptega Blog authored by Cyber Insights Team. Read the original post at: https://www.apptega.com/blog/why-attackers-bank-on-lateral-movement-and-how-to-stop-them
