Undetected Attackers Could Be Inside Your IT Systems Now

Uploaded on 2023-08-29 in NEWS-Cybersecurity News, FREE TO VIEW

Cyber crime is continuing to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Indeed, the challenge of defending an organisation against cyber threats and attacks are considerable - attackers are constantly adapting their tools and malicious activities in order to exploit new opportunities, evade detection and stay ahead of security teams. 

Cyber crime costs $billions, causes untold damage and threatens national security. Recently, GoDaddy and News Corp. said that hackers were in their IT systems for years. How could such large organisations, with excellent IT teams and expenditure on cyber security, allow this to happen? 

The starting point for cyber criminals is to find a way into a target’s network. But even when organisations make it difficult, there’s usually one or a few entry point. This is often done by using Initial Access Brokers (IABs), exploiting vulnerabilities, or using employee credentials, the most effective of the three, they need to get in without tripping any alarms. 

Often at the start of the attack the hackers will just watch an organisation and how its people work. They will monitor the different processes that staff use during a typical workday and then they will employ that knowledge to conceal their movements around the network. 

There will initially be no intrusive actions until they know how to blend in with everyday traffic of the organisation’s Security Operations Center analyst.

Attackers commonly use one of two methods to remain undetected for extended periods of time. 

  • The first is when they use genuine compromised credentials and mimic that employee’s usual behavior, for example, accessing the same files and logging in and out from the same location and at the same time. 

This is becoming increasingly more common through social engineering, email phishing attacks, and the use of IABs. It’s also highly difficult to detect because monitoring software won’t detect a change from the norm.

  • The second is used when an organisation's monitoring tools aren’t configured well enough to detect intrusions of irregular account activity, with this lack of visibility meaning it’s hard to track a cyber criminal’s movements.

According to IBM’s latest Cost of a Data Breach report, the average duration of a data breach, was 277 days - 204 days to detect the breach and a further 73 days to contain it. Furthermore, the human element is the critical factor in wider organisational failings. It really is a persistent problem and the common reason why the average time to remediate a breach is at least a year.

The fact that hacking attacks are inevitably likely to happen is now widely accepted and although attackers have the advantage, organisations must work harder to implement cyber security best practices.

National Crime Agency:     Sophos:    Crowdstrike:    ITPro:    CISO:    ZDNet:     Image: geralt

You Might Also Read: 

Nine Types of Modern Network Security Solutions:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 


 


 

« NIS2 Regulations Are Coming – Are You Ready?
Reimagining Your Cyber Infrastructure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Ground Labs

Ground Labs

Ground Labs is a security software company dedicated to making sensitive data discovery products that help organisations prevent sensitive data loss.

Adroit Technologies

Adroit Technologies

Adroit Technologies has been developing award winning real-time software for the industrial automation markets for over 25 years.

Invensity

Invensity

INVENSITY is an interdisciplinary technology and innovation consulting company. Centres of excellence include Cyber Security and Data Privacy.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Kinetic Investments

Kinetic Investments

Kinetic Investments is a venture capital firm dedicated to early-stage companies that are transforming the digital landscape.

SandboxAQ

SandboxAQ

SandboxAQ is an enterprise SaaS company combining AI + Quantum tech to solve hard problems impacting society.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

ISO WISH

ISO WISH

Take your Business to the Next Level with ISO Certification in UAE.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.

CyberSecAsia

CyberSecAsia

CyberSecAsia series conference is the one and only decision-makers gathering for CISO and info security experts in Asia.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.

CyberNut

CyberNut

CyberNut are a security awareness training solution built exclusively for schools.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

Interpres Security

Interpres Security

Interpres Security operationalizes TTP-based threat intelligence and automates continuous exposure monitoring to help CISOs and security practitioners reduce threat exposure.