What tools do attackers use? The 2016 Cyber Weapons Report seeks to address this question by analyzing attack behaviors in real-world environments. This report focuses on the anomalous activity that occurs after the initial intrusion, including command and control, reconnaissance, lateral movement and data exfiltration. That activity is then traced back automatically to the originating process, using a technology called Network to Process Association. This results in a first-of-its-kind quantitative view of attack tools.
Attackers leverage a variety of tools and techniques to expand their footprint. The 2016 Cyber Weapons Report focuses on the vast set of native operating system services, admin software, and reconnaissance tools attackers use while learning and spreading within compromised organizations. By using these tools, attackers can remain undetected for months. It is time for the industry to understand the scope of tools in play and to explore mechanisms to detect anomalous attack activity.