Support Login.

nineteen − 14 =

Login  
 

Cyber Attacks that Begin with Reconnaissance

Home / Solutions / Cyber Attacks that Begin with Reconnaissance

Reconnaissance Attack Threat Vector

Reconnaissance attacks begin with a scan of the network from the infected endpoint to locate the asset and services an attacker wants to target. Varieties of reconnaissance include active, random IP as well as stealth scanning. A popular example of a scanning attack would be Conflicker, an extremely aggressive worm that initially attacked in 2008 and has now morphed to be known as Downadup, which includes five known variants – Conficker.A through Conficker.E.

Attivo can detect all varieties of scanning with deception-based threat detection solutions. The BOTsink deception platform engages attackers by hosting network services across multiple virtual machines, IP services, and subnets luring attackers into revealing themselves as soon as they start to look for your high-value assets.

Kill Chain

A “kill chain” is the progression an attacker often follows when planning and executing an attack. Analyzing malware and tools associated with the target helps build a picture of how the attacker gained access to sensitive systems and ultimately, exfiltrate stolen data.

How Attivo Works in the Kill Chain

Attivo solutions are an effective way to engage attackers anywhere across the enterprise network –clients, servers, and services. As attackers look for high-value assets they will scan Attivo as part of the network. Once a scan, probe or ping occurs,  Attivo will immediately alert you to suspicious activity.

  • Pre-Detection: Attivo Solutions are effective in the Reconnaissance (Recon) and Delivery phases when the attackers are probing for vulnerability and identifying the assets to target and beginning their attack.
  • Attivo uses deception credentials placed on endpoints and nodes to make every device a lure that will attract the attacker to the Attivo BOTsink platform vs. company servers
  • Designed for authenticity with real operating systems and full network services, Attivo deception looks and operates exactly like other company servers. Golden images can also be loaded for additional authenticity.
  • As an attacker begins to spread in order to maintain presence and to find high value targets, lateral movement using internal reconnaissance and use of stolen credentials can happen over days, weeks or months.
  • Attivo solutions are extremely effective in detecting lateral movement within the network and east-west traffic within the data center, by luring attackers to engage with BOTsink deception servers.
  • Post-Detection: Once the attack is underway, and attackers have engaged with the Attivo Solution, in-depth visibility on the FULL cycle of the kill chain will be provided including IP addresses of infected clients.

Attivo brings a much needed addition to traditional prevention security solutions which are based on known attack signatures and therefore cannot by design, reliably detect zero-day signature-less attacks, address the use of stolen employee credentials or protect effectively against ransomware and spear phishing campaigns.

A seamless and non-disruptive addition to existing security infrastructure, Attivo deception-based threat detection closes the gap on security vulnerabilities and provides a critical line of defense for detecting attackers before they have time to complete their attack and cause a data breach or harm to critical infrastructure.

Learn more about Attivo BOTsink Deception Technology

Resources

Attivo Networks General Information

Attivo Networks At-a-Glance

Attivo Data Sheets and White Papers

Know What’s Lurking in Your Network White Paper
Defense in Depth with Amazon Web Services
Dynamic Deception for Industrial Automation and Control Systems
Leveraging Deception for Visibility into Inside-the-Network Threats

  • All it takes is one breach and you would have paid for your entire (breach detection) product.

    Mike Spanbauer , Vice President of Research, NSS Labs.

  • It’s striking how many layers of obfuscation that the group adopts. These groups are innovating and becoming more creative.

    Jennifer Weedon, FireEye Strategic Analysis Manager

  • 17,000 malware alerts per week 40% of malware goes undetected

    Fred Donovan , Fierce IT security

  • There's two kinds of CIOs: ones who have been hacked and know it, and those who have been hacked and don't yet realize it. But the reality is, you've been hacked,

    Tony Scott, Federal CIO