Discovering just one component of an attack can help an organization find additional components of the campaign, eventually leading to the entire hacking operation being revealed. A Cybereason customer used this method to discover an advanced persistent threat that had infiltrated its environment more than a year earlier. The organization assumed it had been hacked, but couldn’t find evidence to support this hypothesis.
By deploying Cybereason, the company was able to discover that the attackers had used legitimate processes to carry out malicious behavior. These tactics created a trail of evidence that, when followed, unraveled the entire attack. Ultimately, the hackers managed to compromise 12 machines, including a domain controller, giving them access to all the organization’s user names and passwords.