Abstract
To a threat actor, lateral movement means all the difference between compromising a single resource and potentially navigating throughout an organization to establish a persistent presence. Their goal is to remain undetected and ultimately conduct their nefarious mission even if some defenses manage to track their infiltration. While the hacker might succeed based on an opportunistic phishing attack or a targeted attack based on stolen credentials or an exploit, lateral movement is the means to find data of value, compromise additional assets, execute malware, and ultimately own accounts and identities to continue their attack. Lateral movement, by the most traditional definition, is the ability to pivot from one resource to another and to navigate among other resources in any environment. The key word for our conversation today, and why we need to talk about lateral movement, is not about assets however; it is about “resources” since they can be so much more than just computers and applications.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2020 Morey J. Haber, Darran Rolls
About this chapter
Cite this chapter
Haber, M.J., Rolls, D. (2020). A Nuance on Lateral Movement. In: Identity Attack Vectors. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5165-2_2
Download citation
DOI: https://doi.org/10.1007/978-1-4842-5165-2_2
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-5164-5
Online ISBN: 978-1-4842-5165-2
eBook Packages: Professional and Applied ComputingApress Access BooksProfessional and Applied Computing (R0)