
7 Steps of a Cyber Attack and What You Can Do to Protect Your Windows Privileged Accounts

September 13, 2017


Today, more than 1.2 billion people use Microsoft Office in 140 countries and 107 languages around the world. According to Microsoft, 80% of Fortune 500 companies are now in the Microsoft Azure cloud, and more than 400 million devices are running Windows 10.

Regardless of your opinion of how Windows compares with Linux or Unix on security, the point is that you probably use Microsoft products over the course of a workday, and therefore need to know how to protect your privileged Windows accounts.

Whether obtained maliciously or used inappropriately by a valid user, exploited privileged accounts are now the chief cause of most data breaches. As your environment becomes more complex, so does the challenge of defending against ever more sophisticated and damaging cyber attacks.

To learn how to protect your organization, download this white paper: “7 Steps of a Cyber Attack and How to Protect Your Windows Privileged Accounts”

Why Windows Privileged Accounts are in the Crosshairs

Today, Windows privileged accounts are routinely exploited, resulting in data breaches and damaged networks and systems, and frequently leaving organizations susceptible to future exploits because the attacker remains undetected, or has installed rootkits or other malware that let them easily return.

Regardless of how an attacker gets into your network—a phishing attack, stolen credentials, malware, etc.—once inside your network, the modus operandi is almost invariably to seek out privileged accounts and escalate privileged access. Why is this pathway and behavior so predictable?


Simply put, privileged accounts give attackers the ability to act as an insider. Because many organizations have inadequate control, auditing, and reporting over privileged accounts, once attackers have this “insider access” they can move undetected, even erasing any trail of their activity.

The 7 Steps of a Cyber Attack

While there are many flavors of attack types, there are several common elements and steps shared by successful cyber attacks:

1. Reconnaissance

Before launching an attack, hackers first identify a vulnerable target and explore the best ways to exploit it. The attacker is looking for a single point of entry to get started.

2. Scanning

Once the target is identified, the attacker attempts to identify a weak point that allows him or her to gain access. Often, this step progresses slowly as the attacker searches for vulnerabilities.

3. Access and Escalation

Once a weak spot is discovered, the next step is to gain access and then escalate privileges to allow the attacker to move freely within the environment. Once the attacker has access and privileges are escalated, they have effectively taken over your system.


4. Exfiltration

Now that the attacker can move freely around the network, they can reach the systems holding the organization’s most sensitive data and take their time extracting it.

5. Sustainment

With unrestricted access throughout your network, the attacker seeks to remain undetected for as long as possible by secretly installing malicious programs, like rootkits, that allow the attacker to return as frequently as desired.

6. Assault

This step, while not always part of an attack, is the stage when the hacker might change the functionality of your hardware, or disable it altogether. Once accomplished, the attacker has effectively taken control of your network, making it too late for you to defend yourself.

7. Obfuscation

Usually the attackers want to hide their tracks, but sometimes the bold hacker may want to leave a “calling card” behind to brag about his or her achievements. While doing so, the attacker tries to confuse, disorient, and divert your forensic examination process with log cleaners, spoofing, misinformation, backbone hopping, zombie accounts, Trojan commands, etc.
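The steps most visible in Windows audit logs are Access and Escalation (step 3) and Obfuscation (step 7). The following is an added example, not BeyondTrust's code or anything from the white paper: a PowerShell script that pulls the standard Windows event IDs tied to those two steps from the local Security and System logs and turns them into a short findings list a defender can review. The list of groups treated as privileged and the lookback window are assumptions passed as parameters.

```powershell
# Added example (not BeyondTrust's code): surface Windows audit events that
# correspond to the "Access and Escalation" and "Obfuscation" steps.
# Run in an elevated PowerShell session; reading the Security log needs admin.
# Standard Windows event IDs used:
#   4732 / 4728  a member was added to a security-enabled local / global group
#   4672         special privileges assigned to a new logon (admin-equivalent)
#   1102         the Security audit log was cleared
#   104          an event log was cleared (System log, Microsoft-Windows-Eventlog)
param(
    [int]$LookbackHours = 24,
    # Assumed list of groups considered privileged; adjust to your environment.
    [string[]]$PrivilegedGroups = @('Administrators', 'Domain Admins', 'Enterprise Admins', 'Schema Admins')
)

$since    = (Get-Date).AddHours(-$LookbackHours)
$findings = [System.Collections.Generic.List[object]]::new()

# Flatten <EventData><Data Name="...">value</Data> into a hashtable so fields are
# looked up by name rather than by positional index, which differs per event ID.
function Get-EventData {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

function Add-Finding {
    param([datetime]$Time, [string]$Step, [int]$Id, [string]$Detail)
    $findings.Add([pscustomobject]@{ Time = $Time; Step = $Step; Id = $Id; Detail = $Detail })
}

# Get-WinEvent returns nothing (not an error) when no events match and
# -ErrorAction SilentlyContinue is set, so empty ranges are handled.

# Step 3 indicator: a principal was added to a privileged group.
foreach ($e in (Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4732,4728; StartTime=$since} -ErrorAction SilentlyContinue)) {
    $d = Get-EventData $e
    if ($PrivilegedGroups -contains $d['TargetUserName']) {
        Add-Finding -Time $e.TimeCreated -Step 'Access and Escalation' -Id $e.Id -Detail (
            '{0} added to {1} by {2}\{3}' -f $d['MemberName'], $d['TargetUserName'], $d['SubjectDomainName'], $d['SubjectUserName'])
    }
}

# Step 3 indicator: which accounts received admin-equivalent privileges at logon.
# 4672 fires for every admin logon, so summarize per account and drop built-in
# service identities and computer accounts (names ending in '$').
$privLogons = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4672; StartTime=$since} -ErrorAction SilentlyContinue |
    ForEach-Object { Get-EventData $_ } |
    Where-Object { $_['SubjectUserName'] -notmatch '\$$' -and $_['SubjectUserName'] -notin @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE') } |
    Group-Object { $_['SubjectUserName'] }
foreach ($g in $privLogons) {
    Add-Finding -Time $since -Step 'Access and Escalation' -Id 4672 -Detail ('{0} privileged logon(s) by {1} since {2}' -f $g.Count, $g.Name, $since)
}

# Step 7 indicator: audit logs cleared. 1102 and 104 carry their fields under
# <UserData><LogFileCleared> rather than <EventData>.
foreach ($e in (Get-WinEvent -FilterHashtable @{LogName='Security'; Id=1102; StartTime=$since} -ErrorAction SilentlyContinue)) {
    $u = ([xml]$e.ToXml()).Event.UserData.LogFileCleared
    Add-Finding -Time $e.TimeCreated -Step 'Obfuscation' -Id 1102 -Detail ('Security log cleared by {0}\{1}' -f $u.SubjectDomainName, $u.SubjectUserName)
}
foreach ($e in (Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-Eventlog'; Id=104; StartTime=$since} -ErrorAction SilentlyContinue)) {
    $u = ([xml]$e.ToXml()).Event.UserData.LogFileCleared
    Add-Finding -Time $e.TimeCreated -Step 'Obfuscation' -Id 104 -Detail ('{0} log cleared by {1}\{2}' -f $u.Channel, $u.SubjectDomainName, $u.SubjectUserName)
}

$findings | Sort-Object Time | Format-Table -AutoSize
```

Any 1102 or 104 record is worth an incident ticket on its own, since clearing the audit trail is exactly the step the post describes; the 4732/4728 and 4672 findings are the raw material for comparing against a change record of who was supposed to receive privileged access. On hosts forwarding logs to a SIEM, the same event IDs and field names apply to the central query.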

Today, comprehensive least privilege is paramount. Access to privileged accounts should be controlled and audited, and passwords must be changed frequently to prevent these types of attacks.
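One concrete way to act on that recommendation on an individual Windows host is to inventory who actually holds local administrator rights and whether their passwords have been rotated. The script below is an added example, not BeyondTrust's code or a feature of any product named here; it uses the LocalAccounts cmdlets that ship with Windows PowerShell 5.1 on Windows 10 and Server 2016 or later. The maximum password age and the optional allow-list of approved administrators are assumed policy values passed as parameters.

```powershell
# Added example (not BeyondTrust's code): audit the local Administrators group
# against the post's guidance: controlled membership and regularly rotated
# passwords. Run in an elevated PowerShell session on the host being reviewed.
param(
    [int]$MaxPasswordAgeDays = 90,          # assumed rotation policy
    [string[]]$ApprovedAdmins = @()         # assumed allow-list, e.g. 'CORP\ServerAdmins'; empty disables the check
)

$now = Get-Date

$report = foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
    $issues = [System.Collections.Generic.List[string]]::new()

    if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
        $u = Get-LocalUser -SID $m.SID

        # The built-in Administrator account always has relative ID 500.
        if ($u.SID.Value -like 'S-1-5-21-*-500' -and $u.Enabled) {
            $issues.Add('built-in Administrator account is enabled')
        }

        if ($u.Enabled) {
            if (-not $u.PasswordLastSet) {
                $issues.Add('password has never been set')
            }
            elseif (($now - $u.PasswordLastSet).TotalDays -gt $MaxPasswordAgeDays) {
                $issues.Add('password age {0:N0} days exceeds {1}-day policy' -f ($now - $u.PasswordLastSet).TotalDays, $MaxPasswordAgeDays)
            }
            # A null PasswordExpires on an enabled account means it is set to never expire.
            if ($null -eq $u.PasswordExpires) {
                $issues.Add('password is set to never expire')
            }
            if (-not $u.PasswordRequired) {
                $issues.Add('password not required')
            }
        }
    }
    elseif ($m.ObjectClass -eq 'Group') {
        # Nested groups grant admin rights to everyone inside them; review separately.
        $issues.Add('nested group grants admin rights to all of its members')
    }

    if ($ApprovedAdmins.Count -gt 0 -and $m.Name -notin $ApprovedAdmins) {
        $issues.Add('not on the approved administrator list')
    }

    [pscustomobject]@{
        Name   = $m.Name
        Type   = $m.ObjectClass
        Source = $m.PrincipalSource
        Issues = ($issues -join '; ')
    }
}

# Full inventory first, then only the entries that need attention.
$report | Format-Table -AutoSize
$report | Where-Object { $_.Issues } | Format-Table Name, Issues -AutoSize
```

Domain accounts and groups appear in the inventory with a Source of ActiveDirectory but are not password-checked here, because their password attributes live in the directory; the same checks can be run there with Get-ADUser and its PasswordLastSet and PasswordNeverExpires properties. Running the script across a fleet and diffing the output over time gives a simple record of privileged membership drift.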


Derek A. Smith, Founder, National Cybersecurity Education Center

Derek A. Smith is an expert at cybersecurity, cyber forensics, healthcare IT, SCADA security, physical security, investigations, organizational leadership and training. He is currently an IT Supervisor at the Internal Revenue Service. He is also owner of The Intercessors Investigative and Training Group (www.theintercessorgroup.com). Formerly, Derek worked for several IT companies including Computer Sciences Corporation and Booz Allen Hamilton. Derek spent 18 years as a special agent for various government agencies and the military. He is also a cyber security professor at the University of Maryland, University College and Virginia University of Science and Technology and has taught for over 25 years. Derek is retired from the US Army and also served in the US Navy, and Air Force for a total of 24 years. He is completing his Doctorate Degree in Organizational Leadership and has completed an MBA, MS in IT Information Assurance, Masters in IT Project Management, and a BS in Education. Derek has written several books including Cybersense: The Leaders Guide to Protecting Critical Information, and its companion workbook, and he has contributed to several other books as an author and technical adviser.
