Many criminal groups use systems that continuously scan the address spaces of target organisations, waiting for new and unprotected systems to be attached to the network.
Attackers from anywhere in the world can quickly find and exploit such systems that are accessible via the Internet.
Even systems that are connected to the private network, without visibility from the Internet, can still be a target of the advanced adversary. Any system, even test systems that are connected for a short period of time, can still be used as a relay point to cause damage to an organisation.
With an increasing number employees bringing personal devices into work and connecting them to the network, the risk of compromising and infecting internal resources is rife.
Even internal network systems are at risk. Attackers who have already gained internal access may hunt for and compromise additional improperly secured internal computer systems. Some attackers use the local night time window to install backdoors on the systems before they are hardened.
APTs (advanced persistent threat) target internal users with the goal of compromising a system on the private network that can be used as a pivot point to attack internal systems.