Showing posts from March, 2021

The danger of lateral movement

Lateral movement is a term in cyber security that describes a step in a typical attack chain: moving through a network from an initially hijacked internal endpoint, with the overall intent to hijack critical systems in order to exfiltrate data or interrupt operations, e.g. by distributing ransomware. The initial hijacking can happen in various ways, such as through malicious emails, websites or portable storage. The lateral movement step is actually a recursive effort to spread from already hijacked and externally controlled internal endpoints to other internal endpoints that are not yet hijacked, using unknown and unpatched vulnerabilities.

What is to be done?

Detection and remediation

Eventually, detection works most efficiently by recognizing unusual application behavior and traffic patterns, both in the network and on managed endpoints. The latest advancements in machine learning and artificial intelligence have opened up significant new possibilities to automate rapid ...