1. Recon
Threat actors research their targets through analysis of publicly available information on trusted private, professional and social media sites.
Defenses
- User education (raise the human security IQ)
- Content Security (Social Web Controls)
- Insider Threat & Data Protection (oversharing sensitive information)
- Security for Cloud (protect the use of cloud apps and services)
2. Lure
Specially crafted lures aim to trick users into interacting with malicious emails, URLs and compromised websites.
Defenses
- Content Security (Real-time analysis of web & email advanced attacks, powered by industry-leading Forcepoint ThreatSeeker Intelligence, formerly ThreatSeeker Intelligence Cloud)
- Network Security (Forcepoint NGFW-enabled attack protection)
- User education (raise the human security IQ)
- Security for Cloud (protect the use of cloud apps and services)
3. Redirect
Users are often redirected multiple times to put a layer of abstraction between the initial lure and the payload.
Defenses
- Content Security (Real-time analysis of web & email advanced attacks, powered by industry-leading Forcepoint ThreatSeeker Intelligence)
- Network Security (Forcepoint NGFW-enabled attack protection)
- Security for Cloud (protect the use of cloud apps and services)
4. Exploit Kit
Web-based exploit code scans the target system to identify vulnerable software on the machine. The vulnerability is exploited in order to drop the malicious payload.
Defenses
- Content Security (Real-time analysis of web & email advanced attacks, powered by industry-leading Forcepoint ThreatSeeker Intelligence)
- Network Security (Forcepoint NGFW-enabled attack protection)
- Security for Cloud (protect the use of cloud apps and services)
5. Dropper File
Dropper files establish a foothold in your network from which data theft is carried out.
Defenses
- Forcepoint Advanced Malware Detection, formerly Threat Protection Cloud (File & URL behavioral sandboxing)
- Content Security (Real-time analysis of web & email advanced attacks, powered by industry-leading Forcepoint ThreatSeeker Intelligence)
- Network Security (Forcepoint NGFW-enabled attack protection)
- Security for Cloud (protect the use of cloud apps and services)
6. Call Home
Infected systems establish an outbound communication channel to the threat actor's infrastructure to receive further instructions or tools and to send stolen data.
Defenses
- Network Security (Outbound Command & Control network analysis)
- Content Security (Outbound Command & Control content analysis)
- Insider Threat & Data Protection (User behavioral & content analysis)
- Security for Cloud (protect the use of cloud apps and services)
7. Data Theft
Stolen intellectual property, Personally Identifiable Information (PII) or other valuable data is used by cybercriminals for financial gain or to support future attacks.
Defenses
- Insider Threat & Data Protection (User behavioral analysis)
- Content Security (Outbound content & destination analysis)
- Network Security (Outbound network analysis)
- Security for Cloud (protect the use of cloud apps and services)