Break the Attack Chain: The Opening Gambit 

The threat landscape has always evolved. But the pace of change over the last decade is unlike anything most security professionals have experienced before. Today’s threats focus much less on our infrastructure and much more on our people.  

But that’s not all. Where once a cyberattack may have been a stand-alone event, these events are now almost always multistage. In fact, most modern threats follow the same playbook: initial compromise, lateral movement and impact.  

While this approach has the potential to cause more damage, it also gives security teams more opportunities to spot and halt cyberattacks. By placing protections in key spots along the attack chain, we can thwart and frustrate would-be cybercriminals before their ultimate payoff.  

This starts with understanding the opening gambit: How do threat actors attempt to gain access to your king—in this case, your networks and data? And what can be done to keep them at bay? 

Understanding the playbook 

The chess parallels continue when we look at recent evolutions in the threat landscape, with our defensive tactics provoking an adapted method of attack. We see this in full effect when it comes to multifactor authentication (MFA).

In recent years, security professionals have flocked to MFA to protect accounts and safeguard credentials. In response, threat actors have developed MFA bypass and spoofing methods to get around and weaponise these protections. So much so that MFA bypass can now be considered the norm when it comes to corporate credential phishing attacks. Increasingly, cybercriminals purchase off-the-shelf kits which enable them to use adversary-in-the-middle (AiTM) tactics to digitally eavesdrop and steal credentials.  

We have also seen an increase in other human-activated methods, such as telephone-oriented attack delivery (TOAD). This method combines voice and email phishing techniques to trick victims into disclosing sensitive information such as login credentials or financial data.  

Whatever the method, the desired outcome at this stage is the same. Cybercriminals seek to get inside your defenses so they can execute the next stage of their attack. That is what makes the opening gambit such a critical time in the lifecycle of a cyber threat.  

Modern threat actors are experts at remaining undetected once they are inside our networks. They know how to hide in plain sight, move laterally and escalate privileges. So, if this stage of the attack is a success, organisations have a huge problem. The good news is that the more we understand the tactics that today’s cybercriminals use, the more we can adapt our defenses to stop them in their tracks before they can inflict significant damage.  

Countering the gambit 

The best opportunity to stop cybercriminals is before and during the initial compromise. By mastering a counter to the opening gambit, we can keep malicious actors where they belong—outside our perimeter.  

It will surprise no one that most threats start in the inbox. So, the more we can do to stop malicious messaging before it reaches our people, the better.  

There is no silver bullet in this respect. Artificial intelligence (AI)-powered email security is as close as it gets. Proofpoint Email Protection is the only AI and machine learning-powered threat protection that disarms today’s advanced attacks.

Proofpoint Email Protection uses trillions of data points to detect and block business email compromise (BEC), phishing, ransomware, supply chain threats and plenty more. It also correlates threat intelligence across email, cloud and network data to help you stay ahead of new and evolving threats that target your people.  

However, the difficult reality is that nothing is entirely impenetrable. Today’s security teams must assume some threats will reach the inbox. And your people need to be prepared when they do.  

Equipping this vital line of defense requires total visibility into who is being attacked in your organisation—and when, where and how. Once you have identified the people who are most at risk, your Very Attacked People™ or VAPs, you need to assess who’s the most vulnerable. They could be users with higher privileges or those who struggle with security training or fail phishing simulations.  

All this information can help you to tailor your defenses and focus protections where they are needed most. By protecting your people and their inboxes and using targeted security awareness training to change their behaviour, you will be in a strong position to protect your king.  

However, cybersecurity, much like chess, is a cat-and-mouse game. Every move has a counter, and it can take multiple checks before a checkmate. That’s why it’s crucial to defend your networks and data right from the opening gambit to the endgame.  

Enjoyed reading this blog? 

To learn more about how to break the attack chain and protect your people with human-centric security, watch the full webinar: “Break the Attack Chain Part 1: The Opening Gambit.” 

Find out more about Proofpoint Email Protection, and remember to check back next week when we'll look at breaking the second phase of the attack chain—lateral movement and privilege escalation.