Cyber adversaries are better than ever at infiltrating systems. And once they gain access to a company’s network, hackers often stay in the shadows to conduct reconnaissance. They silently watch and learn how to exploit security weaknesses like default settings to achieve their objectives by surprise. In the MITRE ATT&CK™ framework, this digital prowling is known as “discovery.” Smart businesses can blunt the impact of a breach by denying intruders this opportunity to get oriented.
Many business leaders are familiar with attackers’ common methods for breaching systems. However, the tools and techniques that hackers use to perform reconnaissance once they have gained access are less well known. Understanding this discovery phase of a cyberattack can make you better prepared to counter such activities and their downstream consequences. The actions to take are tactical, but they can make all the difference by enabling businesses to stay on strategy and sustain operations.
A note about this series: This is the first in a series of bulletins on common tradecraft used by threat actors and the technical mitigations that organizations can apply. We will follow the attack life cycle according to the MITRE ATT&CK™ Enterprise phases. We will start by exploring the discovery phase as it applies to Active Directory.
Christopher Duffy
Kevin Costello
Katie Piccininni