October 6, 2017

From reconnaissance to exploitation, the lifecycle of a cyber attack

“The volume, velocity and impact is higher than it’s ever been.”

By CBR Staff Writer

Today’s cyber attacks may look very familiar from a historical perspective, but they differ in some significant ways, according to Ross Brewer, Vice President and Managing Director of LogRhythm. “The volume, velocity and impact is higher than it’s ever been,” he told CBR TV.

Whether it’s criminal gangs, governments or individuals attempting to hack into networks, each is taking a “methodical approach” to how they exfiltrate data, Brewer said.

Typically, the threat lifecycle will follow a similar pattern, the first stage of which is reconnaissance. At this stage, the criminal will seek to understand as much about the target individual and company as possible. This might mean trawling social media footprints, looking for vulnerabilities across internet-facing infrastructure or, brazenly, calling people up and tempting them to share passwords.

After reconnaissance comes the initial compromise, explained Brewer. This might be a phishing email, for example, or a more targeted spear phishing attack. Once an email or attachment is opened, this triggers malware, which in turn gives the attacker “command and control”. This allows for the issuing of further instructions, taking over an individual machine or moving laterally, looking to access other assets or gain more credentials, which means the criminal can move deeper into an organisation.

“And once they’ve identified the systems where the crown jewels sit then [the criminal will] look to extract, corrupt or destroy that data – or hold that data to ransom.”

If that’s the nature of the threat, how should organisations approach security to combat it? “Think about automating the detection of threats at those embryonic states – at the compromise stage or even the reconnaissance stage,” Brewer advised. Organisations need to reduce their mean time to detect and their mean time to respond to an attack. “The sooner in the cycle you can detect the threat the less damage can be done.”

From an operational point of view, Brewer said it was important to avoid what he called “swivel chair analysis”, namely using multiple security technologies – independently and in sequence – to look at different aspects of the threat. “The data set is often duplicated, in different formats and it doesn’t flow from one platform to the next,” said Brewer. Instead, organisations should use a “single pane of glass” approach, “a single threat lifecycle platform that automates a lot of the capabilities, reduces the time to detection and makes them more effective in their response.”

Artificial intelligence will play an increasing role in helping manage organisational security. “Automation is key,” said Brewer. “If you think about the data set and how large it is, it’s not humanly possible to get across it all. It doesn’t matter how many analysts an organisation has – and, in fact, there’s a massive shortage of analysts globally. So the next opportunity we have is through machine analytics – using AI, deep learning, machine learning.”

Ross Brewer was talking to CBR TV. The interview took place on 5 September 2017 in central London.
