Human adversaries can find the most painful part of a victim organization to hold for ransom and can execute an attack plan that moves beyond the defender’s traditional controls, according to McAfee CTO Steve Grobman. Specifically, Grobman said human operators can perform reconnaissance to get a better sense of the victim’s threat surface, and then tailor their attack based on what they see.
Human operators can try multiple things in the victim organization until they find something that works, moving from one exploit to the next, Grobman said. And if a targeted business is found to have vulnerable applications, configurations, or operating systems, Grobman said the operators can make real-time decisions about how to capitalize on that information to build a lethal and successful attack.
The best way to outsmart a human adversary is with a well-trained cyber operations team armed with the best detection technology, he said. Reconnaissance will show up as suspicious activity on an EDR (endpoint detection and response) or XDR (extended detection and response) tool, allowing a well-trained cyber defense team to locate the hackers before they inflict much damage.