Friday, April 26, 2024

BusinessDay

Cyber attackers’ dwell time before detection rising – Report


Cyber attackers have become so sophisticated that it could take as long as 11 days before network defenders would be able to detect their activities, says a new report.

Active Adversary Playbook 2021, a cybersecurity report released by Sophos in May, details attacker behaviours and the tools, techniques, and procedures observed in the wild in 2020 and early 2021. According to the report, the longest undetected intrusion lasted 15 months.

According to the report, the 11-day average gives attackers ample opportunity to carry out malicious activity such as lateral movement, reconnaissance, credential dumping, data exfiltration, and more. Considering that some attacks take only minutes or a few hours to carry out, 11 days is enough time to do significant damage.

While inside the victim's systems, attackers eventually release ransomware, which is the point at which the intrusion typically becomes visible to the IT security team. Sophos said 81 percent of the incidents it responded to involved ransomware, because ransomware attacks tend to have a shorter dwell time than "stealth" attacks that are designed to stay hidden.


Other types of attack include exfiltration-only attacks, in which an individual's or company's data is taken from a computer or server without authorisation. The report also lists cryptominers, banking trojans, wipers, droppers, pen test or attack tools, and many others.

Among the techniques observed, the Remote Desktop Protocol (RDP) featured in 90 percent of attacks, and in 69 percent of all cases attackers used RDP for internal movement. Sophos says security measures such as Virtual Private Networks (VPNs) do not help once the attacker is already inside the network. The use of RDP for internal lateral movement is increasingly common in active, hands-on-keyboard attacks such as those involving ransomware.

“The threat landscape is becoming more crowded and complex, with attacks launched by adversaries with a wide range of skills and resources, from script kiddies to nation-state backed threat groups. This can make life challenging for defenders,” John Shier, senior security advisor at Sophos, said.

In 2020, Sophos incident responders helped to neutralise attacks launched by more than 37 attack groups, using more than 400 different tools between them. Many of these tools are also used by IT administrators and security professionals for their everyday tasks, so spotting the difference between benign and malicious activity may not always be easy.

“One of the biggest red flags, for instance, is when a legitimate tool or activity is detected in an unexpected place. Most of all, defenders should remember that technology can do a great deal but, in today’s threat landscape, may not be enough by itself. Human experience and the ability to respond are a vital part of any security solution,” Shier said.
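The two points the article makes, RDP being used for internal lateral movement and a legitimate tool showing up in an unexpected place being a red flag, can be turned into a simple detection over Windows logon events. The code below is an added illustration, not code from the article or from Sophos; the jump-host allowlist, the thresholds, the host names and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security event 4624 fields:
# (timestamp, destination host, source IP, account, logon type).
# Logon type 10 is RemoteInteractive, i.e. an RDP session. All values are made up.
EVENTS = [
    ("2021-05-03T09:00:00", "FILESRV01", "10.0.5.10", "jdoe", 10),
    ("2021-05-03T09:02:00", "WS-114",    "10.0.5.10", "jdoe", 10),
    ("2021-05-03T10:15:00", "WS-114",    "10.0.7.22", "svc-backup", 10),
    ("2021-05-03T10:17:00", "WS-115",    "10.0.7.22", "svc-backup", 10),
    ("2021-05-03T10:19:00", "DC01",      "10.0.7.22", "svc-backup", 10),
    ("2021-05-03T10:21:00", "FILESRV01", "10.0.7.22", "svc-backup", 10),
    ("2021-05-03T11:00:00", "WS-120",    "10.0.7.22", "svc-backup", 3),
]

# Assumed allowlist: the only hosts that are expected to originate RDP sessions.
JUMP_HOSTS = {"10.0.5.10"}


def rdp_lateral_movement(events, jump_hosts=JUMP_HOSTS,
                         window=timedelta(minutes=30), fan_out=3):
    """Return a list of alerts from RDP (logon type 10) events.

    Two checks: an RDP logon whose source is not a sanctioned jump host
    (the legitimate tool in an unexpected place), and a single source that
    opens RDP sessions to at least `fan_out` distinct hosts inside `window`
    (the hands-on-keyboard hopping pattern of internal lateral movement).
    """
    alerts = []
    by_source = defaultdict(list)
    for ts, dest, src, user, logon_type in events:
        if logon_type != 10:          # only RDP sessions are of interest here
            continue
        t = datetime.fromisoformat(ts)
        if src not in jump_hosts:
            alerts.append(("unexpected_rdp_source", src, dest, user))
        by_source[src].append((t, dest))
    for src, sessions in by_source.items():
        sessions.sort()
        for i, (t0, _) in enumerate(sessions):
            hosts = {d for t, d in sessions[i:] if t - t0 <= window}
            if len(hosts) >= fan_out:
                alerts.append(("rdp_fan_out", src, len(hosts)))
                break                 # one fan-out alert per source is enough
    return alerts
```

On the sample data the sessions from the jump host raise nothing, while the four RDP logons from 10.0.7.22 are each flagged as an unexpected source and together trip the fan-out rule.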