Undetected Attackers Could Be Inside Your IT Systems Now

Cyber crime is continuing to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Indeed, the challenge of defending an organisation against cyber threats and attacks are considerable - attackers are constantly adapting their tools and malicious activities in order to exploit new opportunities, evade detection and stay ahead of security teams. 

Cyber crime costs $billions, causes untold damage and threatens national security. Recently, GoDaddy and News Corp. said that hackers were in their IT systems for years. How could such large organisations, with excellent IT teams and expenditure on cyber security, allow this to happen? 

The starting point for cyber criminals is to find a way into a target’s network. But even when organisations make it difficult, there’s usually one or a few entry point. This is often done by using Initial Access Brokers (IABs), exploiting vulnerabilities, or using employee credentials, the most effective of the three, they need to get in without tripping any alarms. 

Often at the start of the attack the hackers will just watch an organisation and how its people work. They will monitor the different processes that staff use during a typical workday and then they will employ that knowledge to conceal their movements around the network. 

There will initially be no intrusive actions until they know how to blend in with everyday traffic of the organisation’s Security Operations Center analyst.

Attackers commonly use one of two methods to remain undetected for extended periods of time. 

  • The first is when they use genuine compromised credentials and mimic that employee’s usual behavior, for example, accessing the same files and logging in and out from the same location and at the same time. 

This is becoming increasingly more common through social engineering, email phishing attacks, and the use of IABs. It’s also highly difficult to detect because monitoring software won’t detect a change from the norm.

  • The second is used when an organisation's monitoring tools aren’t configured well enough to detect intrusions of irregular account activity, with this lack of visibility meaning it’s hard to track a cyber criminal’s movements.

According to IBM’s latest Cost of a Data Breach report, the average duration of a data breach, was 277 days - 204 days to detect the breach and a further 73 days to contain it. Furthermore, the human element is the critical factor in wider organisational failings. It really is a persistent problem and the common reason why the average time to remediate a breach is at least a year.

The fact that hacking attacks are inevitably likely to happen is now widely accepted and although attackers have the advantage, organisations must work harder to implement cyber security best practices.

National Crime Agency:     Sophos:    Crowdstrike:    ITPro:    CISO:    ZDNet:     Image: geralt

You Might Also Read: 

Nine Types of Modern Network Security Solutions:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 


 


 

« NIS2 Regulations Are Coming – Are You Ready?
Reimagining Your Cyber Infrastructure »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

MVP Tech

MVP Tech

MVP Tech designs and deploys next generation infrastructures where Security and Technology converge.

Siege Technologies

Siege Technologies

Siege Technologies is a pioneer of multi-purpose cybersecurity products and services that enable customers to leverage both offensive and defensive technologies.

11:11 Systems

11:11 Systems

11:11 Systems synchronizes every aspect of network services for your business. Build your network with the industry’s most trusted expert skills.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.

Cygna Labs

Cygna Labs

Cygna Labs is a software developer and one of the top three global DDI (DNS, DHCP, and IP address management) vendors.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

CyberFOX

CyberFOX

CyberFOX is a global cybersecurity solutions provider focused on identity access management (IAM) for managed service providers (MSPs) and IT professionals.

Technology Innovation Institute (TII)

Technology Innovation Institute (TII)

TII is a UAE-based research center that aims to lead global advances in AI, robotics, quantum computing, cryptography and secure communications and more.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.

Amyna Systems

Amyna Systems

Amyna has developed an IoT cybersecurity platform that prevents malignant attacks, helping users to protect themselves from cyberattacks.

CyberSecAsia

CyberSecAsia

CyberSecAsia series conference is the one and only decision-makers gathering for CISO and info security experts in Asia.