united-states-flag.svg flag Eng germany-flag.svg flag De spain-flag.svg flag Spa france-flag.svg flag Fre italy-flag.svg flag Ita
Get a Demo
Product
Solutions
Industrial Remote Privileged Access Third-Party Secure Access Mass Onboarding Secure Access All Industries
Partners
Resources
Blog News Press Releases Compliance Third Party Reports Buyer's Guides Case Studies At a Glances Datasheets White Papers Videos Webinars
Company
About Us Careers
Support Search Toggle Search
Blog
Dec 6, 2022
4 min read

Lateral Movement: What It Is & How Zero Trust Protects You From It

Lateral movement is the set of techniques attackers use to progress through the organizational network after gaining initial access. Adversaries use lateral movement to identify target assets and sensitive data for their attack. Therefore, preventing this Mitre Att&ck tactic is a key step in your cybersecurity protection plan. Zero trust can help prevent lateral movement. Here’s how.

What is Lateral Movement?

The tenth step in the MITRE Att&ck framework, lateral movement is the set of techniques used by attackers to move in the network, while gaining access to credentials and without being detected. Lateral movement enables attackers to identify key assets and data, which they will target when they attack.

What Information is Gathered in Lateral Movement?

After breaking into the network, cyberattackers need to find a way to progress laterally. To do so, they require access to users, systems and assets that will move them forward. Therefore, the information gathered in lateral movement is intended to help them achieve this. This includes user account credentials and service entitlements that provide access to components and systems, as well as information that can help them map the network, like network hierarchy, operating systems and server resources.

Lateral Movement Methods

The MITRE Att&ck framework recognizes 9 lateral movement techniques:

  1. Exploitation of Remote Services – taking advantage of software vulnerabilities in remote services to gain access to internal systems.

  2. Internal Spearphishing – taking advantage of a trusted, compromised account to trick additional, internal users through spear phishing.

  3. Lateral Tool Transfer – transferring and copying tools and files between systems. 

  4. Remote Service Session Hijacking – taking control of preexisting remote service sessions to progress.

  5. Remote Services – logging in as a valid user to remote accounts.

  6. Replication Through Removable Media – copying malware to removable media to gain access when it is inserted and runs.

  7. Software Deployment Tools –  using third-party software installed in the network, e.g tools for administration, monitoring, and deployment. 

  8. Taint Shared Content –  Adding malicious content to shared storage locations or tainting existing shared content.

  9. Alternate Authentication Material – using alternate authentication methods, e.g. password hashes, Kerberos tickets, and application access tokens.

How Zero Trust Can Help Prevent Lateral Movement

It should be clear that lateral movement is very dangerous for organizations. Finding a security approach to help them block and minimize the threat of lateral movement is therefore crucial.

The zero-trust security framework protects organizational assets and apps by eliminating transitive trust and continually identifying and authenticating every device, user and identity before granting them access. Just as importantly, the network is cloaked for users, to prevent network visibility.

Various features of the zero-trust security architecture prevent a large number of lateral movement methods. Namely, by preventing attackers from gaining access to systems and users that will help them advance, as well as cloaking the network to prevent mapping. The techniques zero trust helps prevent include:

  • Exploitation of remote services – Zero trust doesn’t enable perpetrators and unverified users to access the network or its internal services, whether they origin from a local or a remote service.

  • Remote service session hijacking – Zero trust prevents perpetrators from gaining access to sessions. But even if they do, zero trust provides auditing, recording and monitoring capabilities. Thus, the attacker can be tracked and the risk can be mitigated.

  • Remote services – Perpetrators who gain access to remote services will only have limited access to the network, depending on the permissions scope of the service hacked. Zero trust blocks the concept of a logged on user who has wide access with no supervision.

  • Tainted shared content – Zero trust limits the ability of users to read and write content from shared storage locations. In addition, zero trust enables scanning new files to detect malware. 

  • Alternate authentication material – Zero trust is the only authentication method, using methods like multi-factor authentication (MFA) and user behavior analytics (UBA) before providing users with access to apps. However, authentication is always based on a centralized set of policies.

Cyolo PRO (Privileged Remote Operations) is an advanced secure access solution built in full accordance with the principles of zero trust. Schedule a demo to see how Cyolo PRO can protect your organization from lateral movement and other MITRE Att&cks.

Subscribe to Our Newsletter

More Blog Posts
See All Blog Posts
Blog
Feb 14, 2025

Why Third-Party Access to OT Environments Requires Added Security Controls

Read More
Blog
Feb 3, 2025

The Relationship Between Safety, Availability, and Security in Critical Industries

Read More
Blog
Jan 15, 2025

Why OT Security Must Include Non-Human Identities (NHIs)

Read More