Disrupting the Attack Chain Through Detecting Credential Dumping

There are various steps that an attacker must follow in order to execute any successful attack, with the initial compromise being just one stage in the overall attack chain. Once attackers have successfully breached the perimeter of an organization, they enter into the lateral movement phase where they attempt to tiptoe through a network, identifying the systems and data that are the ultimate target of their campaign.

Credential dumping is a technique frequently used by attackers during lateral movement to obtain account information, such as logins and passwords. Armed with this information, the attackers can then spread further within an organization and/or access restricted data. Attackers use a variety of different credential-dumping methods that require first obtaining administrator privileges. This process is known as privilege escalation and it must be performed before any attempts at credential dumping.

Read more…
Source: Symantec