Inside the discovery phase of a cyberattack – and what you can do to counter it


Cyber adversaries are better than ever at infiltrating systems. And once they gain access to a company’s network, hackers often stay in the shadows to conduct reconnaissance. They silently watch and learn how to exploit security weaknesses like default settings to achieve their objectives by surprise. In the MITRE ATT&CK™ framework, this digital prowling is known as “discovery.” Smart businesses can blunt the impact of a breach by denying intruders this opportunity to get oriented.

Many business leaders are familiar with attackers’ common methods for breaching systems. However, the tools and techniques that hackers use to perform reconnaissance once they have gained access are less well known. Understanding this discovery phase of a cyberattack can make you more prepared to counter such activities and downstream consequences. The actions to take are tactical but they can make all the difference by enabling businesses to stay on strategy and sustain operations.

A note about this series: This is the first in a series of bulletins on common tradecraft used by threat actors and technical mitigation that organizations can apply. We will use the attack life cycle according to the MITRE ATT&CK™ Enterprise Phases. We will start by exploring the discovery phase as it applies to Active Directory.

Authors / Contributors

Christopher Duffy
Kevin Costello
Katie Piccininni
