Compromise Examples

Few attackers compromise an organization without having an objective beyond proving that the organization can be compromised. Attackers target organizations because they wish to accomplish one or more goals. When an organization is compromised, the attackers often do one of the following:

• Exfiltrate data
• Deploy ransomware
• Enroll systems in a botnet
• Deploy coin mining software

Data exfiltration

The attackers extract sensitive data from the organization. This data may have been stolen for a variety of reasons, from the theft of commercially sensitive information to exposing organizational secrets to damage the organization’s reputation. Some of the most famous attacks have involved data exfiltration, such as gaining access to a substantial number of customer credit card numbers.

Ransomware

In ransomware attacks, the attackers encrypt the organization’s data and render the organization’s information systems non-functional. The attackers do this in the hope that the organization will pay a ransom, usually in the form of a cryptocurrency. Once the target organization pays the ransom, the attackers will provide the organization with an unlock key. After inputting this key, the data will be decrypted and the information systems previously rendered non-functional will be returned to full functionality.

Botnets

Botnets are collections of computers that can be configured to perform a specific task, such as performing distributed denial of service attacks. Botnets can be monetized in several ways, including extorting money through the performance of distributed denial of service attacks or used to relay spam (unsolicited commercial email).

Coin mining attacks

As of early 2018, coin mining attacks are becoming increasingly prevalent due to their lucrative nature. Coin mining malware deployed in attacks is sophisticated enough only to use some, not all, of the host systems resources, meaning it isn’t always obvious when a system is infected. Coin mining attacks have also been perpetrated by insiders who use their organization’s infrastructure to generate illicit income.

Join the discussion

Share your thoughts in the course forum on the following topics.

• What systems does your organization have in place to detect suspicious activity on the network?
• Are there other examples of compromise that you can think of?

Use the discussion section below and let us know your thoughts. Once you’re happy with your contribution, click the Mark as complete button to check the step off, then you can move to the next step.