Propagation

The system that malware infects first may not be valuable, or at least not the most valuable, so the malware will usually attempt to propagate within the network to fulfill its mission. In most cases, propagation requires administrative rights to be effective, even if only on the compromised system (as opposed to the entire domain). As such, most attacks in this section assume the attacker has administrative privileges.

For example, ransomware will attempt to find as many hosts as possible where it can encrypt data, whereas state-sponsored spyware may spread in an attempt to elevate its privileges and ultimately gain access to more sensitive data.

Whatever the reason, one should assume that an infected system will rarely remain the only one. Consequently, it is just as important to protect the inside of a network as it is to protect and monitor its external perimeter.

This section examines the most common methods malware employs to spread within the network, how to protect yourself against them, and how they can be detected with EventSentry.