The Attacker’s Playbook: Security Tactics from the Front Lines

Understand a threat actor's mindset to strengthen your security posture with mitigation tips from Varonis' forensic experts.
Lexi Croisdale
3 min read
Last updated September 20, 2024
Snake to symbolize threat actors

While security pros are already familiar with terms like data breaches, exploits, and misconfigurations, these phrases are also becoming known to organizations and non-tech leaders as cybersecurity becomes an essential part of business operations.

Avoiding data compromise is essential and knowing how attackers formulate and carry out their strategies is vital for safeguarding sensitive information, especially with the rise of generative AI and ransomware as a service (RaaS)

Varonis forensics experts recently came together for an informative session to share their insights on how attackers think, based on their experiences on the front lines of cyberattacks.

The panel included Joseph Avanzato, Security Operations and Forensics Group Leader, Mike Thompson, Director of Cloud and Security Architecture, and Dor Yardeni, Director of Security Research.

Continue reading for a recap of their discussion, and download our guide, which breaks down an attacker's point of view with mitigation tips for each scenario.

Download the Attacker's Playbook today.

Identity-based attacks and social engineering 

In today's modern threat landscape, it's crucial to adopt an attacker's mindset. By learning about and anticipating their actions, you can be better equipped to defend your organization. 

“Attackers don’t necessarily break in anymore; they log in,” Joseph said. “If you can anticipate what an attacker is going to do, you will be more prepared.” 

Identity-based attacks are the most common way to obtain initial entry, Dor said, mainly because of their ease of system access. 

“Most of the time it’s much more efficient to steal an identity rather than discovering a vulnerability,” he said.

Mike added that social-engineering tactics remain a significant threat to orgs, because these techniques exploit human vulnerabilities, which are harder to mitigate completely.

“Social engineering is a forever tactic. There’s only so much you can do to solve for that problem,” Mike said.

One identity-based example the panel discussed was the targeted campaign against Snowflake users that had single-factor authentication.

The importance of time to detection and analysis 

The trio discussed the main stages of a cyberattack, with Dor emphasizing the necessity of proactively auditing and reviewing permissions within your organization to detect and address possible attack vectors before they can be exploited.

He also pointed out that attackers are not immune to errors and explained how monitoring for unusual login behaviors can lead to a bad actor’s detection. 

“Attackers do make mistakes. Sometimes they forget to use a VPN before logging in with the compromised user credentials,” Dor said. “In this example, we could detect an impossible travel time or sometimes an attacker can also log in from a location that no one else in the organization logged in from.”

Joe said that early detection and response in the attack lifecycle is key to preventing significant damage, such as data exfiltration.

“Shift your response and detection processes so that you’re catching things earlier. By the time you’re trying to stop them from uploading a zip of data, it’s already potentially too late,” he said.

Mike emphasized the importance of analyzing security incidents to understand their origins. He pointed out that breaches don’t happen spontaneously; attackers exploit existing vulnerabilities and understanding them can help prevent future incidents. 

You have to do that analysis because these things don’t materialize out of nowhere. You were vulnerable somewhere.

Mike Thompson, Director of Cloud and Security Architecture at Varonis

Proactive defense with AI  

Establishing a solid security culture and adopting least privilege and Zero Trust are essential components of a strong defense strategy.

Mike also highlighted the role of AI in modern security systems to combat evolving threats. 

“Every security company, Varonis included, is touting their AI capabilities,” he said. “It’s not just all marketing buzz; it’s truly part of evolving security toolkits.”

Joe agreed with Mike’s take on AI, highlighting that the technology has the potential to make security teams more productive and efficient in the long term.

Varonis’ Athena AI helps turn all users into formidable data defenders for organizations with the use of natural language to conduct in-depth investigations and analyses.

Earlier this year, Varonis also announced AI data classification, a new LLM-driven data scanning solution that gives our customers deeper business context with unmatched precision and scale. 

Don’t wait for a breach to occur.  

Understanding an attack from an adversary's point of view can aid in safeguarding sensitive information. 

Watch the full discussion between Joe, Mike, and Dor to learn more proactive defense strategies, and download the full Attacker’s Playbook for an in-depth breakdown of a threat actor's mindset and mitigation tips.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

reconnect---ways-attackers-sidestep-your-endpoints
ReConnect - Ways Attackers Sidestep Your Endpoints
One of the age-old questions in cybersecurity is, “Are my endpoint controls enough?” Spoiler alert, unfortunately not! Kilian and Brian discuss scenarios we’ve seen where sophisticated attack groups deliberately leverage...
navigating-the-complex-landscape-of-data-protection-in-the-federal-sector
Navigating the Complex Landscape of Data Protection in the Federal Sector
Varonis' Justin Wilkins and Trevor Brenn highlight the importance of data security for the federal sector, the risks of gen AI, and more.
speed-data:-the-impact-of-ai-on-attack-vectors-with-justin-michael
Speed Data: The Impact of AI on Attack Vectors With Justin Michael
Corbin Capital Partners CTO Justin Michael discusses the hot topic of ChatGPT. Justin leads guarding sensitive data for the leading asset management firm.
how-to-protect-your-cloud-environment-from-today’s-top-5-threats
How to Protect Your Cloud Environment From Today’s Top 5 Threats
Learn the top five cloud threats after your sensitive data and how to protect your organization from them.