Lateral movement has been a common factor in breaches for some time. As the effectiveness of perimeter defences has gradually eroded, the main issue for attackers is no longer how to get into an organization, but how to move across the network to reach their final target.
The typical environment has developed over time into a fragmented collection of technical resources – a variety of applications, servers, IT infrastructure, cloud workloads and more. While these resources are separate, they are all connected by identity and access management – the infrastructure governing access throughout the environment.
This is what attackers use to move laterally. Starting at patient zero, they move from one machine to another by abusing identity until arriving at their target destination to drop ransomware, steal sensitive information and more.