Week 10: Lateral Movements - lizzy9596/my-tech-journal GitHub Wiki

Lateral Movement

Discussion

Lateral movement occurs when a threat actor gains access to one computer and then uses that foothold to compromise other computers within the organization. It makes incident response a nightmare because every computer has to be analyzed to determine whether it has been compromised; imagine an organization with hundreds or thousands of computers. Other security monitoring tools within the organization, such as centralized authentication logs, can help determine the scope of the attack. However, some organizations are so badly infected that they have to rebuild their entire network or certain parts of it.
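The scoping step described above, as an added example that is not part of the original journal page or the lab: given a confirmed compromised host and the time it was compromised, walk the remote-logon records forward in time to list every host that must be analyzed, and separately flag any source that authenticated to many distinct hosts in a short window. The log layout (timestamp, source host, destination host, account), the host names, the accounts and the times are all constructed for this example; the `fan_out_sources` threshold and window are assumptions, not values from the page.

```python
"""Scope a suspected lateral-movement incident from remote logon records."""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an assumed CSV layout. Every host, account and
# timestamp below is made up for illustration.
SAMPLE_LOG = """\
timestamp,src,dst,account
2024-03-01T08:55:00,WS-02,FILESRV-01,bob
2024-03-01T09:00:00,WS-01,FILESRV-01,alice
2024-03-01T09:01:10,WS-01,WS-07,alice
2024-03-01T09:01:45,WS-01,WS-12,alice
2024-03-01T09:02:05,WS-01,WS-15,alice
2024-03-01T09:10:00,WS-07,DC-01,svc_backup
2024-03-01T09:30:00,WS-15,WS-21,alice
2024-03-01T07:30:00,WS-21,WS-30,carol
2024-03-02T10:00:00,WS-02,WS-40,bob
"""


def parse_log(text):
    """Parse the CSV records into dicts sorted by timestamp."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "ts": datetime.fromisoformat(row["timestamp"]),
            "src": row["src"],
            "dst": row["dst"],
            "account": row["account"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def fan_out_sources(events, window=timedelta(minutes=5), threshold=3):
    """Return {src: set(dst)} for every source that reached at least
    `threshold` distinct hosts inside any `window`-long span.  One machine
    touching many peers within minutes is a triage lead, not proof."""
    by_src = defaultdict(list)
    for e in events:            # events are already time-ordered
        by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        for i, start in enumerate(evs):
            dsts = {x["dst"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(dsts) >= threshold:
                flagged[src] = flagged.get(src, set()) | dsts
    return flagged


def incident_scope(events, seed_host, seed_time_iso):
    """Hosts to analyze given that `seed_host` was compromised at
    `seed_time_iso`: any host that received a remote logon from an already
    suspect host *after* that host became suspect, followed transitively.
    Returns {host: earliest time it became suspect}."""
    suspect_at = {seed_host: datetime.fromisoformat(seed_time_iso)}
    changed = True
    while changed:              # repeat until no earlier compromise time is found
        changed = False
        for e in events:
            since = suspect_at.get(e["src"])
            if since is None or e["ts"] < since:
                continue        # logon predates the source being suspect
            if e["dst"] not in suspect_at or e["ts"] < suspect_at[e["dst"]]:
                suspect_at[e["dst"]] = e["ts"]
                changed = True
    return suspect_at


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, dsts in fan_out_sources(evs).items():
        print(f"fan-out from {src}: {sorted(dsts)}")
    scope = incident_scope(evs, "WS-01", "2024-03-01T08:50:00")
    for host, when in sorted(scope.items(), key=lambda kv: kv[1]):
        print(f"analyze {host} (suspect since {when.isoformat()})")
```

The time check is what keeps the list honest: WS-21's earlier logon to WS-30 happened before WS-21 itself became suspect, so WS-30 stays out of scope, while DC-01 is pulled in because WS-07 reached it after WS-07 was compromised. On a real network the records would come from a SIEM or domain controller export rather than an inline string, and the host list is the starting point for per-host analysis, not a verdict.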

Questions

  • Based on this lab, do you understand how it only takes one compromised host which can lead to a compromise of other hosts on a network?

When I attended the cybersecurity conference in early October, one of the panels talked about compromised systems in corporate environments. While I learned a lot at the conference, I learned better by doing physical labs.

  • What did you like the most and least about this assignment?

I enjoyed seeing the scope of just how many systems a threat actor can compromise in an attack. I didn't enjoy using Windows XP; I would love to try Windows 7.

  • Do you have any other questions?

What organizations are mainly affected by these attacks? Why would a hacker use lateral movement, instead of a different mode of attack? How can you stop these attacks? Is this attack often done by phishing emails? Can this happen by employees bringing external devices to the company or organization? Can you obtain any sensitive data in this attack?