This article does a good job of showing how malware infections are just the first step in the compromise of an enterprise. Once an attacker has a foothold, they pivot to exploiting privileged accounts. That is why it is so important to prevent or contain that initial desktop compromise.
“Hackers will use malware, among other techniques, to break into enterprise systems but once they’re in, they’re likely to switch away from malware to abusing privileged accounts, according to a report released today by CyberArk Software, Ltd., an Israel-based vendor of security solutions for privileged accounts.
The report analyzes the experience of some of the world’s top cybersecurity and forensics teams — Cisco’s Talos Security Intelligence and Research Group, Deloitte’s Computer and Cyber Forensics Team, Deloitte & Touche’s Cyber Risk Services, FireEye’s Mandiant, EMC’s RSA security division, and the Verizon RISK Team.”