
Analysis Shows Attackers Favor PowerShell, File Obfuscation

December 14, 2022

An analysis of threats encountered by four organizations has identified the most common techniques used by attackers to compromise systems, infiltrate networks, and steal data, according to data analysts at Splunk, which published details of the research on Dec. 14.

The analysis used published data from Mandiant, Red Canary, MITRE’s Center for Threat-Informed Defense, and the US Cybersecurity and Infrastructure Security Agency (CISA) to find the most popular post-compromise threat activities, as defined by the MITRE ATT&CK framework. Threat groups that gain access to a compromised system, for example, are likely (28% of the time) to start up the PowerShell command-line utility to extend their attack laterally throughout a network and to gain persistence on the compromised machine, the analysis found.

Read More on Dark Reading