Undetected Attackers Could Be Inside Your IT Systems Now

Uploaded on 2023-08-29 in NEWS-Cybersecurity News, FREE TO VIEW

Cyber crime is continuing to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Indeed, the challenge of defending an organisation against cyber threats and attacks are considerable - attackers are constantly adapting their tools and malicious activities in order to exploit new opportunities, evade detection and stay ahead of security teams. 

Cyber crime costs $billions, causes untold damage and threatens national security. Recently, GoDaddy and News Corp. said that hackers were in their IT systems for years. How could such large organisations, with excellent IT teams and expenditure on cyber security, allow this to happen? 

The starting point for cyber criminals is to find a way into a target’s network. But even when organisations make it difficult, there’s usually one or a few entry point. This is often done by using Initial Access Brokers (IABs), exploiting vulnerabilities, or using employee credentials, the most effective of the three, they need to get in without tripping any alarms. 

Often at the start of the attack the hackers will just watch an organisation and how its people work. They will monitor the different processes that staff use during a typical workday and then they will employ that knowledge to conceal their movements around the network. 

There will initially be no intrusive actions until they know how to blend in with everyday traffic of the organisation’s Security Operations Center analyst.

Attackers commonly use one of two methods to remain undetected for extended periods of time. 

  • The first is when they use genuine compromised credentials and mimic that employee’s usual behavior, for example, accessing the same files and logging in and out from the same location and at the same time. 

This is becoming increasingly more common through social engineering, email phishing attacks, and the use of IABs. It’s also highly difficult to detect because monitoring software won’t detect a change from the norm.

  • The second is used when an organisation's monitoring tools aren’t configured well enough to detect intrusions of irregular account activity, with this lack of visibility meaning it’s hard to track a cyber criminal’s movements.

According to IBM’s latest Cost of a Data Breach report, the average duration of a data breach, was 277 days - 204 days to detect the breach and a further 73 days to contain it. Furthermore, the human element is the critical factor in wider organisational failings. It really is a persistent problem and the common reason why the average time to remediate a breach is at least a year.

The fact that hacking attacks are inevitably likely to happen is now widely accepted and although attackers have the advantage, organisations must work harder to implement cyber security best practices.

National Crime Agency:     Sophos:    Crowdstrike:    ITPro:    CISO:    ZDNet:     Image: geralt

You Might Also Read: 

Nine Types of Modern Network Security Solutions:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 


 


 

« NIS2 Regulations Are Coming – Are You Ready?
Reimagining Your Cyber Infrastructure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Deep Identity

Deep Identity

Deep Identity is a boutique system integrator, with expertise in tailored identity governance & administration (IGA) and identity access management (IAM) solutions.

Flexential

Flexential

Flexential helps organizations optimize their journey of IT transformation while simultaneously balancing cost, scalability, compliance and security.

DataViper

DataViper

Data viper is a threat intelligence platform designed for organizations, investigators, and law enforcement.

Neovera

Neovera

Neovera is a trusted provider of managed services including cyber security and enterprise cloud solutions, committed to delivering results through the innovative use of scalable enterprise-grade tech.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

Viettel Cyber Security

Viettel Cyber Security

Viettel Cyber Security is an organization under the Military Telecommunication Industry Group, conducting research and developing information security solutions for domestic and foreign customers.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

Gradient Cyber

Gradient Cyber

Gradient Cyber is a trusted cybersecurity partner specializing in small businesses and mid-market enterprises concerned about cybersecurity but lacking the staff to give it the attention it deserves.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.

Gilsbar

Gilsbar

For more than half a century, Gilsbar has offered insurance service solutions and support for businesses and their employees.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.

Nexio

Nexio

We are Nexio. We help organisations take every NEXT step toward their accelerated digital transformation.

Swick Technologies (SWICKtech)

Swick Technologies (SWICKtech)

SWICKtech offer IT managed services to increase IT security, stability, and performance for your organization.