Lateral movement (cybersecurity) explained

Lateral movement refers to the techniques that cyber attackers, or threat actors, use to progressively move through a network as they search for the key data and assets that are ultimately the target of their attack campaigns.[1] [2] [3] While more sophisticated attack sequences, planned much like a heist, have helped threat actors devise better strategies and evade detection compared to the past, cyber defenders have also learned to turn lateral movement against attackers: the activity it generates can be used to locate them within the network and respond more effectively to an attack.[1]
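As an added example that is not part of the original article, the following Python script shows how defenders turn lateral movement into a detection signal: it runs two common heuristics over constructed logon events (the host names, account names and thresholds are assumptions) and flags an account that fans out to many hosts, or pivots host to host, within a short window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon events (not real log data):
# (ISO timestamp, account, source host, destination host)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "alice", "WS01", "FS01"),
    ("2024-01-10T09:05:00", "alice", "WS01", "FS01"),
    ("2024-01-10T09:07:00", "svc_backup", "WS07", "WS12"),
    ("2024-01-10T09:09:00", "svc_backup", "WS12", "WS15"),
    ("2024-01-10T09:11:00", "svc_backup", "WS15", "DC01"),
    ("2024-01-10T09:13:00", "svc_backup", "DC01", "FS02"),
    ("2024-01-10T11:00:00", "bob", "WS02", "FS01"),
]

def group_by_account(events):
    """Sort events by time and bucket them per account as (time, src, dst)."""
    by_account = defaultdict(list)
    for ts, account, src, dst in sorted(events):
        by_account[account].append((datetime.fromisoformat(ts), src, dst))
    return by_account

def fan_out_alerts(events, window=timedelta(minutes=30), threshold=3):
    """Accounts that reach >= threshold distinct destination hosts inside one window."""
    alerts = {}
    for account, rows in group_by_account(events).items():
        for i, (start, _, _) in enumerate(rows):
            dests = {dst for t, _, dst in rows[i:] if t - start <= window}
            if len(dests) >= threshold:
                alerts[account] = sorted(dests)
                break
    return alerts

def hop_chain_alerts(events, window=timedelta(minutes=30), min_hops=3):
    """Accounts whose logons chain host to host: each destination becomes the
    source of the account's next logon within the window (a pivot path)."""
    alerts = {}
    for account, rows in group_by_account(events).items():
        path = [rows[0][1], rows[0][2]]
        for (t_prev, _, prev_dst), (t, src, dst) in zip(rows, rows[1:]):
            if src == prev_dst and t - t_prev <= window:
                path.append(dst)          # extend the chain
            else:
                path = [src, dst]         # chain broken; start over
            if len(path) - 1 >= min_hops:
                alerts[account] = list(path)
    return alerts

if __name__ == "__main__":
    print("fan-out:", fan_out_alerts(SAMPLE_EVENTS))
    print("chains:", hop_chain_alerts(SAMPLE_EVENTS))
```

In the sample data only `svc_backup` trips both heuristics; on real telemetry the thresholds and window need tuning per environment so that administrators' routine logons are not flagged.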

ATT&CK framework

Lateral movement is a part of the ATT&CK framework, one of its 14 categories of tactics, techniques, and procedures.

Notes and References

  1. Lateral Movement: When Cyber Attacks Go Sideways. http://www.securityweek.com/lateral-movement-when-cyber-attacks-go-sideways
  2. Cyber Dwell Time and Lateral Movement. http://www.raytheon.com/capabilities/rtnwcm/groups/cyber/documents/content/rtn_269210.pdf
  3. Malware Lateral Movement. https://www.fireeye.com/blog/executive-perspective/2015/08/malware_lateral_move.html