Displaying items by tag: Attackers

The recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was a very sophisticated one. Even in the beginning when news of this first broke it was fairly clear that this was not just another breach. It was targeted and very specific. In looking over the two reports Mandiant has released on the incident we can identify a few things about this attack that could be helpful in identifying and preventing future attacks.

Black Hat 2017, Las Vegas, NV -
When an attacker gains a foothold in a network the first thing they need to do is learn the lay of the land. They have done some research on the target to gather information about possible systems they might encounter. In reality, they do not truly know what is going on. They are likely to have hit an exposed system with little true access into the good parts of the network. They are going to need to check shares, network connections and also scrape memory for and stored credentials. With these in had they begin the process of moving around the network and building their map of the target environment.