Cymulate’s Lateral Movement Assessment solution tests your Windows Domain Network (WDN) configuration using a sophisticated lateral movement algorithm.
Once the perimeter defenses of an organization fail, allowing an attacker to bypass endpoint security controls and gain a foothold in the organization (see End Point Assessment), lateral movement inside a Windows Domain Network is a common next step in a penetration scenario. Organizations deploy numerous security solutions and controls in order to prevent such movement. Whether these are part of the internal policy configuration or a specific security solution, organizations depend on them to monitor, detect, and prevent lateral movement. As threat actors move deeper into the network, their movements and methods become more difficult to detect, especially when they utilize Windows features and tools typically used by IT administrators (e.g., PowerShell). Gaining administrative privileges also makes threat actors’ activities undetectable and even untraceable.
Some well-known examples were the WannaCry and NotPetya attacks, which wreaked havoc during 2017 and even reappeared during Q1 of 2018. The NotPetya attack literally shut down the operations of the shipping giant Maersk, causing hundreds of millions of dollars in damages. Such attacks can force small companies to close down permanently. They can also interrupt emergency operations and surgeries, as seen during the WannaCry campaign, which hit the NHS’s 87 hospitals and medical centers in the UK. These attacks used a very powerful exploit called “EternalBlue” to spread and move laterally within networks.
Based on research and our own experience, once attackers manage to move laterally within a compromised network, they have on average around one month to conduct their malicious activities without being detected.
Manual methodologies for penetrating organizations and simulating hacker breach spots are limited in speed, volume and scope. Cymulate’s Hopper assessment simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. Various techniques and methods are used to move laterally inside the network.
The platform uses a sophisticated and efficient algorithm to mimic all the common and clever techniques that the most sophisticated hackers use to move around inside the network.
The assessment results are presented in a comprehensive report in an easy-to-understand format. This allows the organization to view its security posture and take action to update and upgrade where necessary. Mitigation recommendations are offered for each threat that has been discovered, depending on the type of attack and the phase it reached in its distribution method.