Undetected Attackers Could Be Inside Your IT Systems Now

Cyber crime is continuing to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Indeed, the challenge of defending an organisation against cyber threats and attacks are considerable - attackers are constantly adapting their tools and malicious activities in order to exploit new opportunities, evade detection and stay ahead of security teams. 

Cyber crime costs $billions, causes untold damage and threatens national security. Recently, GoDaddy and News Corp. said that hackers were in their IT systems for years. How could such large organisations, with excellent IT teams and expenditure on cyber security, allow this to happen? 

The starting point for cyber criminals is to find a way into a target’s network. But even when organisations make it difficult, there’s usually one or a few entry point. This is often done by using Initial Access Brokers (IABs), exploiting vulnerabilities, or using employee credentials, the most effective of the three, they need to get in without tripping any alarms. 

Often at the start of the attack the hackers will just watch an organisation and how its people work. They will monitor the different processes that staff use during a typical workday and then they will employ that knowledge to conceal their movements around the network. 

There will initially be no intrusive actions until they know how to blend in with everyday traffic of the organisation’s Security Operations Center analyst.

Attackers commonly use one of two methods to remain undetected for extended periods of time. 

  • The first is when they use genuine compromised credentials and mimic that employee’s usual behavior, for example, accessing the same files and logging in and out from the same location and at the same time. 

This is becoming increasingly more common through social engineering, email phishing attacks, and the use of IABs. It’s also highly difficult to detect because monitoring software won’t detect a change from the norm.

  • The second is used when an organisation's monitoring tools aren’t configured well enough to detect intrusions of irregular account activity, with this lack of visibility meaning it’s hard to track a cyber criminal’s movements.

According to IBM’s latest Cost of a Data Breach report, the average duration of a data breach, was 277 days - 204 days to detect the breach and a further 73 days to contain it. Furthermore, the human element is the critical factor in wider organisational failings. It really is a persistent problem and the common reason why the average time to remediate a breach is at least a year.

The fact that hacking attacks are inevitably likely to happen is now widely accepted and although attackers have the advantage, organisations must work harder to implement cyber security best practices.

National Crime Agency:     Sophos:    Crowdstrike:    ITPro:    CISO:    ZDNet:     Image: geralt

You Might Also Read: 

Nine Types of Modern Network Security Solutions:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 


 


 

« NIS2 Regulations Are Coming – Are You Ready?
Reimagining Your Cyber Infrastructure »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Sonda

Sonda

SONDA is the leading systems integrator and IT service provider in Latin America.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

Securden

Securden

Securden provide an all-in-one Platform for Next-Gen Privileged Access Governance, helping you to prevent identity thefts, malware propagation, cyber attacks, and insider exploitation.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

Aptum

Aptum

Aptum is a global hybrid multi-cloud managed service provider delivering complex and high-performance cloud solutions with an integrated secure network.

Gotham Security

Gotham Security

Gotham Security delivers high-quality penetration testing, malicious adversary simulation, compliance program development, and threat intelligence services.

Elastio

Elastio

Elastio's cloud-native platform safeguards cloud data from the risks posed by ransomware, application failures and storage security vulnerabilities.

Redefine

Redefine

Redefine are Crypto-Native, Cyber Experts, and Blockchain Believers. We are here to make Web3 anti-fragile, safe and accessible to all.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

GlassHouse Technology

GlassHouse Technology

GlassHouse supports customers in their digitalization journey with our deep technical expertise in Managed Cloud and Security Services, SAP Infrastructure Service and Business Continuity Services.

Vantor

Vantor

Vantor is a Managed Security Services Provider (MSSP) that specializes in providing outsourced, managed cybersecurity services.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.