the hour-by-hour breakdown of a threat actor inside … · title:...

USE THREAT INTELLIGENCE TO KNOW WHEN YOU’RE A TARGET

EMPLOY STRICT PATCHMANAGEMENT PROCESSES

LEVERAGE BATTLE-TESTED SECURITY TO REDUCE DWELL TIME

Quite simply, threat actors are

‘finding the slow gazelle’ in order

to know which environment is

most susceptible to attack.

TARGET OBSERVATION & SELECTION

It’s time to plot the attack. The

infiltrators organize their assets,

finalize their objective and ready

their salvo for deployment.

DROP THE CROSSHAIRS

They’ve quickly identified

a vulnerability within your

defense. It didn’t take long.

A breach is imminent.

TARGET YOUR WEAKNESS

Once identified, threat actors get to

work mapping and detailing your

network, users and any critical or

valuable data points that may be

leveraged for their operation.

MAP A BATTLE PLAN

Threat actors use gathered

intelligence and begin probing

identified access points that

may offer little resistance

to complete their objective.

BEGIN THE ATTACK

One of the most critical steps,

threat actors are careful to

mask their behavior and

obfuscate their identity as that

of a normal or authorized user.

HIDE INSIDENETWORK SHADOWS

They’re in. In fewer than six

hours, they’ve mapped your

network, identified weaknesses

and now have access.

LET THE DATA FLOW

Before they’ve even stolen your

data, they’re already planning

their escape. This is critical.

PLAN EXFILTRATION

It’s not bolted down? Steal it.

Assuming the threat actors

didn’t have a high-value target

(e.g., credit cards, ePHI, EMR, PII)

already in mind, they’ll likely

take as much data as possible

and organize it later.

STEAL EVERYTHING

It’s time to execute the

exfiltration plan. They have

your data and now it’s time

to cut bait and get paid.

WALK OUT THEFRONT DOOR

You know what’s even more

valuable? An unlocked

backdoor. Savvy threat actors

will set up a path for future

access for additional gains.

SET UP FUTURE ACCESS

If they didn’t already have a

pre-arranged buyer, threat actors

begin selling off your data — and

that of your customers — to the

highest bidders on Dark Web

message boards, chat rooms,

auctions, paste sites and other

nefarious communities.

SELL YOUR SECRETS

US DataVault.com | 615-933-USDV (8738) |

@usdv_mhs

1200

FIGHT BACK?HOW DO YOU

Once a threat actor is inside your environment, they’re

purposeful, strategic and discreet. But how are they so

decisive and successful? Follow their eye-opening

hour-by-hour journey through your “secure” environment.

THE HOUR-BY-HOUR BREAKDOWN OF A THREAT ACTOR INSIDE YOUR ENVIRONMENT

xxx xxx

0400

0800

0100

0200

0300

0600

0700

0900

1000

0500

1100