Complete Story


How Cybercriminals Are Getting Initial Access into Your System

The State of Security

This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks.

There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit some malicious code onto the system and make sure it can be executed further on.

Drive-by downloads

Description: The gist of this technique is to dupe the victim into opening a website hosting various browser and plugin exploits, obfuscated frames or malicious JavaScript files that can be downloaded to the target system beyond the user’s awareness.

  • Use up-to-date web browsers and plugins and run an antimalware solution. Microsoft recommends using Enhanced Mitigation Experience Toolkit (EMET) and Windows Defender Exploit Guard (WDEG.)


Printer-Friendly Version