Our prevention is enabled through context and controls to disrupt and defend, whether the threat is ransomware or a zero-day attack.
Most adversarial threats (like ransomware) follow a multi-staged attack approach. This begins with initial access, which corresponds to the reconnaissance and infiltration phases of the cognitive attack loop. During this phase, attackers select a target and gather relevant information such as vulnerabilities, network topology, employee information, and so forth. Information gathered during this stage can then be used to infiltrate the target or deliver an attack.
Once access is attained, adversaries move into the next phases of the attack sequence: maintain and manipulate. The attacker uses their initial access to keep improving their position and move forward with their goals.
During the final attack phases of execute and exfiltrate, the attacker is executing their end goals. For example, an attacker at this stage may be encrypting your data, holding it for ransom, or even exfiltrating sensitive data for malicious use. Whatever the attacker's end goal is, we don't want them to be successful.
In this lab you will be able to detonate different attack scenarios, each of which aligns with the attack stages described above. Before beginning any of the simulations, make sure that you understand the Carbon Black Cloud through either prior use or section one of the lab.
Before continuing, make sure you are in the right org. The TestDrive Carbon Black console is separated based on experience. You should be in the "vmweng-standard.com" org. If not, navigate to the correct org by clicking the org name in the upper right, then click Switch Orgs.