Network lateral movement, or simply lateral movement in cybersecurity, is a technique attackers use to move progressively from an initial compromised entry point into the rest of the network while they search for sensitive data or other high-value assets to exfiltrate.
To compromise the first machine, attackers use techniques such as malware infection or phishing; they then masquerade as authorized users while they work to obtain higher privileges and broader access.
That foothold lets them move laterally (sideways, between devices and applications) through the network. In an effective lateral movement campaign, intruders use each compromised host to scan the environment and find further machines to take over.
Attackers are usually not worried about being discovered while moving laterally, because most organizations lack the means to detect it. Even where the means exist, lateral movement is hard to notice: once an attacker holds valid credentials, their traffic looks like normal user activity to security administrators.
Because the intruder has already been granted access, it is difficult to tell a perpetrator apart from a legitimate user by any single connection alone.
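A single authenticated connection does look legitimate, but a compromised account rarely behaves like its owner: it fans out to many hosts in a short time. The following is an added example, not code from the original article, of a simple detection check over constructed, flattened Windows Security 4624 (successful logon) records. The record layout, field names, account and host names, and the threshold values are assumptions chosen for illustration; real 4624 events are XML and carry more fields (IpAddress, WorkstationName, AuthenticationPackageName).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of flattened 4624 events (not real telemetry), one per line:
# timestamp  account  logon_type  source_workstation  destination_host
# Logon type 2 = interactive, 3 = network (SMB/WMI/PsExec-style), 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2024-05-02T09:00:01 alice 3 WS-ALICE FS01
2024-05-02T09:00:05 bob 2 WS-BOB WS-BOB
2024-05-02T09:00:40 alice 3 WS-ALICE PRINT01
2024-05-02T09:01:10 svc_backup 3 WS-ALICE FS01
2024-05-02T09:01:12 svc_backup 3 WS-ALICE FS02
2024-05-02T09:01:15 svc_backup 3 WS-ALICE DC01
2024-05-02T09:01:20 svc_backup 3 WS-ALICE HR-DB
2024-05-02T09:01:31 svc_backup 10 WS-ALICE WS-BOB
2024-05-02T09:45:00 svc_backup 3 WS-ALICE FS03
"""


def parse_events(text):
    """Parse the flattened format above into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, logon_type, src, dst = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "account": account,
            "logon_type": int(logon_type),
            "src": src,
            "dst": dst,
        })
    return events


def detect_fanout(events, window=timedelta(minutes=10), min_hosts=4,
                  lateral_types=(3, 10)):
    """Flag (account, source host) pairs that open remote logons to at least
    min_hosts distinct destinations inside any sliding window of length `window`.

    Each logon on its own is indistinguishable from legitimate use; the signal
    is the fan-out from one source under one identity in a short time.
    Returns {(account, src): sorted list of destination hosts seen in the
    first window that crossed the threshold}.
    """
    by_pair = defaultdict(list)
    for ev in events:
        # Only remote logon types count, and a host logging on to itself is not movement.
        if ev["logon_type"] in lateral_types and ev["src"] != ev["dst"]:
            by_pair[(ev["account"], ev["src"])].append(ev)

    findings = {}
    for pair, evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            # Distinct destinations reached within `window` of this event.
            hosts = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) >= min_hosts:
                findings[pair] = sorted(hosts)
                break  # one finding per pair is enough for triage
    return findings


if __name__ == "__main__":
    for (account, src), hosts in detect_fanout(parse_events(SAMPLE_EVENTS)).items():
        print(f"possible lateral movement: {account} from {src} -> {', '.join(hosts)}")
```

In the constructed sample, alice touches two servers and bob logs on interactively to his own workstation, so neither is flagged; svc_backup reaching five different hosts from a user workstation within two minutes is. The FS03 logon forty minutes later falls outside the window and is not part of the finding. In production the threshold and window need tuning per environment, and accounts that legitimately sweep the estate (vulnerability scanners, backup agents running from their own servers) need an allowlist keyed on the expected source host, otherwise the check produces noise that masks the real thing.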
Lateral Movement Phases
Lateral movement has three main stages: internal reconnaissance, credential dumping (harvesting passwords, hashes or tickets from the compromised host), and using those credentials to gain access to other machines on the network.