Attack Lifecycle
Because attackers can compromise your system at various levels and use different techniques to perform malicious activities, the Cybereason platform monitors and detects MalOps during various stages of an attack lifecycle.
What is the attack lifecycle?
Cyber attacks generally follow a similar pattern, described as the cyber attack lifecycle:
| Stage/Activity type | A MalOp is triggered by… |
|---|---|
| Infection | Signs of known and unknown malware, malicious tools, and exploits that attackers use to gain an initial foothold in your environment. |
| Privilege escalation | An attacker attempts to gain higher levels of access to resources within your environment. |
| Scanning | An attacker attempts to scan internal network devices in search of weaknesses such as open ports or weak protection of data in transit. |
| Lateral movement | An attacker attempts to expand their foothold within your environment. Examples include Pass the Hash and Pass the Ticket techniques. |
| Command and control | An attacker sends network traffic between your environment and their servers. An example is the use of a Domain Generation Algorithm (DGA). |
| Data theft | An attacker attempts to collect or exfiltrate data from your environment. |
When the Cybereason platform generates a MalOp, it identifies the corresponding part of the attack lifecycle as the MalOp's Activity Type.
You can view where MalOps are located along the attack lifecycle in the Discovery board.