
Disrupting the Hacker Timeline – Why Fast Matters in Cybersecurity



The Threat Landscape by the Numbers


One of the only consistent aspects of the cyber threat landscape is that you can count on it to shift, and to shift quickly. In the last year alone, organizations around the world saw a record-breaking number of cyberattacks of increasing variety and severity. The following findings from 2021 reflect the current state of the threat landscape:

  • Cyberattacks increased 50% year-over-year, with businesses facing 925 attacks per week worldwide (Check Point Research)

  • Globally, 30,000 websites were hacked daily (WebARX Security) and, every 39 seconds, there was a new attack on the web (University of Maryland)

  • The average cost of data breaches rose from $3.86 million in 2020 to $4.24 million in 2021 (Ponemon Institute & IBM)

  • Governments worldwide noted a 1,885% increase in ransomware attacks (SonicWall)

This is the same landscape in which advanced persistent threats (APTs) are succeeding at increasing rates. Threat actors quickly gain entry through low-level web servers, endpoint devices with weak protection, or compromised email accounts, and then rely on lateral movement techniques to extend that access. Once inside, the real damage begins: the actors secure their foothold and move laterally through the rest of the network to locate their targeted assets and encrypt sensitive data for ransom.


Understanding The Hacker Timeline


Let’s take a closer look at the hacker timeline – how threat actors move before, during, and after their attack. The timeline is defined by five phases:

  1. Planning: During this phase, threat actors select their target, research it to identify every exploitable weakness, and decide on their attack vector.

  2. Intrusion: Common intrusion techniques include spear phishing, insider threats, and exploiting zero-day vulnerabilities. Based on the research collected during the planning phase, the actors tailor their intrusion method to the target.

  3. Enumeration: Once the threat actors have infiltrated the targeted environment, they work swiftly to answer four questions: Who am I? Where am I? Where can I go? Who do I need to be? They hide evidence of their entry and aim to steal credentials that let them elevate their access and permissions.

  4. Lateral Movement: In this phase, the actor's main goals are to steal data, establish persistence, hunt for high-value users, and distribute their toolset and malware across the network.

  5. Completion of Objective: Once the malicious toolset or malware has been deployed, threat actors perform data exfiltration and usually delete any backups and corrupt local files and folders, making it harder for incident response teams to restore the environment to its normal working state.

Why Fast Matters in Cybersecurity