Glossary
Lateral movement
A hacker's progression from a compromised machine to others, to extend their hold on the network.
Once a first machine is compromised, the attacker moves to other workstations and accounts to get closer to their target: sensitive data, backups, the heart of the network. They often reuse stolen credentials and legitimate tools, which makes their activity hard to distinguish from normal use. Segmenting the network and monitoring privileged access slow this progression.
See also
APT (advanced persistent threat)
A highly organised, well-funded attacker who settles in for the long term to spy or sabotage over time.
Indicator of compromise (IOC)
A technical clue that betrays a possible attack: a known malicious address, file or domain.
MITRE ATT&CK
A reference catalogue that describes the methods actually used by cyberattackers.
Honeypot
A deliberately exposed decoy to attract attackers and spot their actions.