Gunter Ollmann writes:
The majority of network breaches begin and end with the installation of malware upon a vulnerable device. For the rest, once that initial malware beachhead has been achieved, the story is only just beginning.
The breach disclosures that make the news are often confusing as they’re frequently compiled from third-hand reports, opinions and technical assumptions. More often than not, they include a discussion about the malware — how advanced it was, etc. — and whether any 0-day vulnerabilities were likely used by the mysterious attacker. And then there’s usually a description of the data the attacker may have been able to obtain, and how they could use it for various forms of evil in the future.
The bit that’s missing — and it happens to be the really juicy bit — is how the attacker managed to navigate the victim’s network, take command of the system that held the data, and extract their ill-gotten gains past all those protection systems.
Read more on CircleID