12 Questions
What is the initial entry point for attackers in the described scenario?
Exploiting vulnerabilities in VPNs
Which Zscaler product can help prevent initial compromise by establishing a foothold through phishing?
ZIA capabilities
What technique might attackers use to deliver malware in the initial compromise stage?
Phishing with malicious email links
What follows privilege escalation in the attack progression described?
Lateral movement
Which Zscaler capability helps in stopping data loss in the described scenario?
Cloud DLP
What is the last stage in the ransomware attack progression described?
Demanding payment after installing ransomware
What are the four high-level stages of an attack described in the text?
Reconnaissance, Initial Access, Lateral Movement, Data Exfiltration
What is the purpose of the initial compromise stage in an attack?
To gain an initial foothold on the target system
What is the goal of the lateral movement stage in an attack?
To identify and compromise additional systems within the target network
What technique do attackers use to find sensitive assets if the target network is not segmented?
Living off the land
What is the purpose of the data exfiltration stage in an attack?
To steal sensitive data from the target system
What types of attacks can be mapped to the simplified framework described?
Any attack, including advanced supply chain attacks and ransomware
Study Notes
Stages of an Attack
- Attackers look for exposed endpoints in the attack surface, which can be public servers, VPN users, etc.
- The attackers execute their initial compromise using techniques like phishing, spear phishing, or malicious files.
- Once they gain access to a target system, they aim to identify critical and sensitive data and assets.
Lateral Movement
- Attackers move laterally to identify sensitive assets by using techniques like "living off the land" or exploiting unsegmented networks or exposed applications.
- They can use techniques like malvertising or keylogging to steal credentials and to discover what other sensitive assets exist and where they are located.
Data Theft and Ransomware
- Attackers steal data and may use it in a "double extortion" attack, where they encrypt the data in addition to exfiltrating it, giving them extra leverage.
- In the case of ransomware, attackers may demand payment after installing the ransomware and stealing data.
Zscaler Products Against Attacks
- Zscaler products can stop attacks at different stages, including:
  - ZPA (Zscaler Private Access) for attack surface and lateral movement.
  - ZIA (Zscaler Internet Access) for initial compromise, with capabilities like secure web gateway, IPS, Cloud Sandbox, and Cloud Browser Isolation.
  - Data protection capabilities like cloud DLP, cloud CASB, and Workload protection for stopping data loss.
  - Deception capabilities to eliminate lateral movement.
Learn about the four high-level stages of an attack according to the MITRE ATT&CK framework. Understand how attackers identify the attack surface, execute their initial compromise, escalate privileges, and achieve their objectives.