Once an organization’s perimeter defenses fail and endpoint security is bypassed, giving the attacker a foothold in the organization (see Endpoint Security Vector), lateral movement inside the network is a common next step in a penetration scenario. Organizations deploy numerous security solutions and controls to prevent such movement. Whether through internal policy configuration or a dedicated security solution, organizations depend on a range of controls to prevent, detect and monitor lateral movement.
As threat actors move deeper into the network, their movements and methods become harder to detect, especially when they abuse Windows features and tools that IT administrators use legitimately (e.g., PowerShell). Gaining administrative privileges makes threat actors’ activities harder still to detect and trace. Well-known examples are the WannaCry and NotPetya attacks, the latter of which shut down the operations of the shipping giant Maersk, causing hundreds of millions of dollars in damages.
Such attacks can force small companies out of business. They can also interrupt emergency operations and surgeries, as seen during the WannaCry campaign, which hit dozens of NHS hospitals and medical centers in the UK. Both attacks used a powerful exploit called EternalBlue to spread and move laterally within networks.
Based on research and our own experience, once attackers manage to move laterally within a compromised network, they have on average three months to conduct their malicious activities without being detected.
Manual methodologies for penetrating organizations and simulating attacker breaches are limited in speed, volume and scope. Cymulate’s Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. The simulation uses a variety of techniques and methods to move laterally inside the network.
The platform uses a sophisticated and effective algorithm to mimic the common and advanced techniques that skilled attackers use to move around inside the network.
The Hopper attack simulation results are presented in an interactive graphic diagram that shows the attacker’s lateral movement path, along with Cymulate’s risk score, KPI metrics and actionable mitigation recommendations. Acting on these recommendations, IT and security teams can apply the appropriate countermeasures to strengthen their internal network security.