Inside the discovery phase of a cyberattack – and what you can do to counter it

Cyber adversaries are better than ever at infiltrating systems. And once they gain access to a company’s network, hackers often stay in the shadows to conduct reconnaissance. They silently watch and learn how to exploit security weaknesses like default settings to achieve their objectives by surprise. In the MITRE ATT&CK™ framework, this digital prowling is known as “discovery.” Smart businesses can blunt the impact of a breach by denying intruders this opportunity to get oriented.

Many business leaders are familiar with attackers’ common methods for breaching systems. However, the tools and techniques that hackers use to perform reconnaissance once they have gained access are less well known. Understanding this discovery phase of a cyberattack can make you more prepared to counter such activities and their downstream consequences. The actions to take are tactical, but they can make all the difference by enabling businesses to stay on strategy and sustain operations.

A note about this series: This is the first in a series of bulletins on common tradecraft used by threat actors and technical mitigation that organizations can apply. We will use the attack life cycle according to the MITRE ATT&CK™ Enterprise Phases. We will start by exploring the discovery phase as it applies to Active Directory.

Authors / Contributors

Christopher Duffy
Kevin Costello
Katie Piccininni
