Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

VECTRA POST-INTRUSION REPORT SHOWS CYBER ATTACKERS ARE GETTING QUIETER ONCE INSIDE THE NETWORK
VECTRA POST-INTRUSION REPORT SHOWS CYBER ATTACKERS ARE GETTING QUIETER ONCE INSIDE THE NETWORK

Published : , on

Use of covert attack communications, other sophisticated techniques are on the rise

Vectra® Networks, the leader in automated threat management, today announced the results of its latest Post-Intrusion Report, a real-world study about threats that evade perimeter defenses and what attackers do once they get inside your network.

The report analysed data from 120 Vectra customer networks comprised of more than 1.3 million hosts over the first quarter of 2016, a three-fold increase from the previous report that analysed 40 customer organisations.

In the current report, all organisations showed signs of targeted attacks including internal reconnaissance, lateral movement or data exfiltration. Of the 120 participating organisations, 117 detected at least one of these behaviors during each month of the study.

Despite that nearly 98 per cent of organisations detected at least one behavior per month during the three-month period, researchers found that fewer detections were observed deeper in the kill chain. As an example, data exfiltration – which is by far the most dangerous behavior – was the lowest of all categories at 3 per cent.

“This data shows that security teams that are laser focused on the active phase of a network attack are successfully decreasing the risk of data theft,” said Günter Ollmann, CSO at Vectra Networks. “They are responding faster and shutting down attacks before critical data is extracted from their networks and any real damage is done.”

C&C techniques and hidden tunnels on the rise

Researchers found that not only are command-and-control (C&C) attacks increasing, accounting for 67 per cent of detections, but the use of HTTP and HTTPS C&C for hidden tunnels also made a significant jump this year.

HTTP and HTTPS C&C is an emerging technique that allows sophisticated attackers to pass hidden messages and steal data within protocols that are generally not blocked by perimeter firewalls.

Together, HTTP and HTTPS tunnels accounted for 7.6 per cent of all C&C detections, making them the third most-common C&C technique overall. This trend was consistent when normalising for the number of hosts monitored. Hidden C&C tunnels were observed 4.9 times per 1,000 hosts, which is up from 2.1 times per 1,000 hosts seen in the previous report.

Attackers opt for more discreet methods to spy inside the network

Lateral movement, which enables attackers to spread from east to west to gather information, dropped significantly from 34 per cent of total detections in 2015 to roughly 8.6 per cent of total detections this year.

However, once inside the network, attackers appear to be getting quieter. Of these lateral movement detections, brute force attacks – the most popular technique last year – are down significantly, while Kerberos client and automated replication behaviors increased over last year, tying at 36.3 per cent of lateral movement detections.

“Because brute force techniques are so noisy, more experienced and skilled attackers tend to try other access techniques first – preferably automatable techniques that are difficult to distinguish from normal network traffic and where failures are unlikely to be alerted upon,” said Ollmann.

“As an example, and demonstrated by our findings, public disclosures of Kerberos vulnerabilities and new attack tools that can automate exploitation are now part of the hackers’ arsenal,” he continued. “Once suitable Kerberos keys are created and administrative accounts are broken, the process of compromising other hosts in the victim’s network is simple and mechanical.”

Botnet monetisation trends

In the realm of botnet behaviors, click fraud remains the leading technique at 58.1 per cent. While botnet infections may pose a lower risk to organisations than a targeted attack, they are by no means risk free.

This year saw a proportional increase in denial-of-service, outbound brute force and port scanning. These botnet behaviors are important to enterprises as they can have significant impacts on the reputation of the network. Taken together, these detections represent 27 per cent of botnet events, more than double the 12 per cent that was previously observed.

A copy of the Post-Intrusion Report is available for download at http://info.vectranetworks.com/post-intrusion-report-2016.

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post