McAfee Enterprise’s Advanced Threat Research (ATR) team released research investigating widely adopted credential theft attacks executed by adversaries. Within the research, the team examined a variety of tools and techniques used by adversaries to execute credential theft attacks, and analyzed defense techniques that could be used to detect deceptive credential usage in the network.
The research points out that detecting lateral movement is a long-standing problem and that, because of this, enterprise networks must formulate active in-network defense strategies to effectively prevent attackers from accessing critical network resources.
Through their research, McAfee Enterprise Threat Researchers have highlighted the following:
- Credential theft is one of the primary tasks attackers need to perform post-exploitation, after gaining initial control of the target machine. It is usually the first step towards lateral movement strategies, which allow attackers to elevate their privileges and acquire access to other network resources.
- To counter this, Network Deception active defense techniques can be used to build a deceptive network infrastructure, which could potentially redirect an attacker’s lateral movement path and engage them with decoy services without their touching the critical production systems.
- This involves placing decoy systems, decoy credentials and decoy content throughout the production network, essentially converting it into a trap, and plays a crucial role in mitigating the attacks.