What is Initial Access?

00:00

hello and welcome to another application of the minor attack framework discussion today. We're going to be looking at what is initial access, which is that top area of the framework where we're talking about the particular area in which the Attackers focusing in this case

00:19

trying to gain initial access.

00:21

And so what are our objectives of this particular discussion? Well,

00:26

we're going to define what initial access is, and then we're going to look at and define some attack types and examples of those attack types. So with that, let's go ahead and jump right into our definition.

00:44

So initial access consists of techniques that an adversary would use to get into your network, plain and simple. And this could be anything from spearfishing to the exploitation of public facing Web servers

00:58

or services. And so what we're trying to do is have that initial access granted to the system,

01:04

and at that point the attacker will start to get a lay of the land and figure out what their next steps are. There are also some tools out there that will go through multiple faces at a time, all the way to potentially impacting the system and encrypting the system.

01:19

Now

01:21

some of the techniques that are defined by the minor attack framework are as follows to drive by compromise, like on a site or something of that nature. Public facing application exploitation, ex general, remote service exploitation, valid account use, trusted relationships, supply chain compromise.

01:40

We're gonna go over a few of these in our particular review,

01:46

and we'll go over some of the mitigation and detection techniques that can be used as well. So let's touch on some examples real quick.

01:55

So supply chain compromise So in this particular instance will use the example of Sisi cleaner, so I don't know if you remember. But CC Cleaner was compromised by hackers for over a month, and the tool was impacted by malware that gave the Attackers a back door

02:12

to user systems. There were over 2.27 million downloads

02:15

of this particular tool

02:17

at the time that it was compromised. And so another example of supply chain compromise would be mobile games. Uh, some examples of this were games such as infestation and point blank were identified by a Persky, and he set as having back doored versions of the games being distributed

02:36

And so essentially, when you think about supply chain compromise, which will go into more detail, it's

02:40

a trusted application,

02:44

a trusted platform that is impacted in a way that an attacker infects a legitimate update or ah, legitimate application and then has some type of back door or malicious intent that can be enacted through what people believed to be a trusted resource,

03:04

another type of attack that I'm sure you're very familiar with our spearfishing attachments. And so we're not really going to dive into that too deeply. But you know, the examples given are essentially, you get an email. It's got an attachment that looks legitimate.

03:20

You interact with that attachment and voila! Initial access is gained and granted to the attacker. And a lot of times with these types of attachments, you may run them. And they may also take you to third party sites that asked for credentials, which could then lead to a valid account being provided.

03:37

So let's do a quick check on learning for this particular discussion.

03:40

True or false, initial access is when a user in the organization first longs into a systems you start their work day.

03:50

All right, well, If you need some additional time to think this over, please pause the video and take it. So when we're talking about initial access, we're not talking about the context of a user logging into a system to start their work. They were talking about threat actors gaining access to the system initially, so this particular statement is

04:10

false.

04:12

So with that, let's go ahead and jump over to our summary.

04:15

So in summary of today's discussion, we defined initial access is being when a threat actor initially gets on a system or gains access to a system.

04:27

And then we defined some attack types and examples again will reiterate some of these areas, focusing on mitigation and detection techniques, as well as some of the threat actors that have been noted as taking advantage of some of these initial access factors.