An attacker may come into your network through a phishing or drive-by attack, or as an insider with external media or privileged system user access. User privileges are the rights a user has to 1) access a system and 2) do things with that access. The outcome of all of these mechanisms is that the attacker becomes an insider, if they aren’t already one, and sits on your corporate network, bypassing all other cyber security measures.
The attacker’s goal is to escalate – increase – their privileges (that is, increase their rights to access systems and information and increase what they can do with that access) through your network and those you are interconnected with. A combination of methods may be used to achieve this, as variously touched on in our Gotcha! book.
Once inside, the attacker may seek to do more, using various methods to insert back doors, place wipers or carry out other malicious activity to steal, destroy or degrade your and others’ data over time.
While they are doing these things, they may distract you with something like a DDoS attack, so that resources are focussed on that obvious problem at hand, diverting them from the more serious compromise that may be happening in your network.
It doesn’t matter if you are an individual, a small business, a large corporate or a government agency. Attacks are generally initiated in the same way, regardless of the desired outcome, and can have the same devastating impact.
This is the Gotcha!