How Dragos Activity Groups Obtain Initial Access into Industrial Environments

As the threat landscape continues to evolve with a perpetual influx of new network anomalies and Indicators of Compromise (IOCs), prudent defenders must focus on more actionable elements of attack characteristics, such as Tactics, Techniques and Procedures (TTPs). One example is the Initial Access tactic.

Initial access is one of the most important adversarial tactics and may form the critical dependency on which further tactics rely, or conversely it may be the end goal in itself. Irrespective of the adversary's intent, preventing successful initial access is paramount in preventing successful intrusions against your organization.

This whitepaper steps through the most common initial access techniques Dragos observes activity groups using, to equip defenders with some of the vital elements of threat behavior knowledge they need to address the associated risks.


