A successful attack consists of several stages, and the initial compromise is only one of them. Once attackers have breached an organization's perimeter, they enter the lateral movement phase, in which they move quietly through the network, identifying the systems and data that are the ultimate target of their campaign.
Credential dumping is a technique attackers frequently use during lateral movement to obtain account information such as usernames, password hashes and plaintext passwords. Armed with this information, they can spread further within the organization and/or access restricted data. The common credential-dumping methods require local administrator or SYSTEM privileges on the host, so attackers typically have to escalate privileges before they can dump credentials. This means privilege escalation is a reliable precursor of credential dumping and deserves detection in its own right.
Detecting and blocking lateral movement activity is an important part of any organization’s defense strategy and our Symantec portfolio provides defense-in-depth across control points. Our solutions detect and prevent credential dumping, and also protect against precursor events such as threat delivery and privilege escalation, as well as post-theft credential use.