From Where We Sit
In the aftermath of a cybercrisis
It started without warning when the malware hit Prix Healthcare Inc.’s servers. The new strain infected the company’s systems like silent wildfire, burning through the cyber kill chain unabated. The hacker advanced easily from each step on the kill chain; he harvested enough email addresses during his reconnaissance to know all about Mark’s secret affair with a staff member, that he enjoyed a high-speed virtual private network connection to the office’s network, and that Mark maintains several personal email addresses. He weaponized his exploit of choice into an unassuming PDF (portable document format) file, and delivered the payload as an email masquerading as a legitimate corporate travel agent. A typical customized whale-phishing email attack will do the trick, the hacker’s eyes gleamed, easy peasy. The code executed after exploiting a known vulnerability, and then the malware installed on the server—the asset, lighting up his target. He knew no one in Prix had the foresight, skill, and time to hunt for abnormal outbound network activities or packets that the now-infected system will be sending to call home—and engage the next step in the chain, command and control.