Comment by kachapopopow
14 days ago
I guess it makes sense - as for persistence I guess no point in having any if you can just compromise the target again.
>persistence I guess no point in having any
The most obvious reason would be the fear of patching a vulnerability which the attacker used to gain initial access. Persistence is required.
Many servers and systems are rarely rebooted, and many campaigns are not that long term. There may not be a reason to compromise the target again.
For example, a ransomware gang may compromise a company's network, steal data, deploy the cryptolocker, and then get out. There's no need to have persistent access; they got what they wanted.
I know that very well considering I have servers that have 5 years of uptime, but generally the environment isn't the same as it was; with cloud services living less than a few hours (or even seconds for functional endpoints), this becomes a problem.
My first thought is that this is actually a vector against people rather than servers which do reboot daily.