Undetected Attackers Could Be Inside Your IT Systems Now

Cyber crime is continuing to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Indeed, the challenge of defending an organisation against cyber threats and attacks are considerable - attackers are constantly adapting their tools and malicious activities in order to exploit new opportunities, evade detection and stay ahead of security teams. 

Cyber crime costs $billions, causes untold damage and threatens national security. Recently, GoDaddy and News Corp. said that hackers were in their IT systems for years. How could such large organisations, with excellent IT teams and expenditure on cyber security, allow this to happen? 

The starting point for cyber criminals is to find a way into a target’s network. But even when organisations make it difficult, there’s usually one or a few entry point. This is often done by using Initial Access Brokers (IABs), exploiting vulnerabilities, or using employee credentials, the most effective of the three, they need to get in without tripping any alarms. 

Often at the start of the attack the hackers will just watch an organisation and how its people work. They will monitor the different processes that staff use during a typical workday and then they will employ that knowledge to conceal their movements around the network. 

There will initially be no intrusive actions until they know how to blend in with everyday traffic of the organisation’s Security Operations Center analyst.

Attackers commonly use one of two methods to remain undetected for extended periods of time. 

  • The first is when they use genuine compromised credentials and mimic that employee’s usual behavior, for example, accessing the same files and logging in and out from the same location and at the same time. 

This is becoming increasingly more common through social engineering, email phishing attacks, and the use of IABs. It’s also highly difficult to detect because monitoring software won’t detect a change from the norm.

  • The second is used when an organisation's monitoring tools aren’t configured well enough to detect intrusions of irregular account activity, with this lack of visibility meaning it’s hard to track a cyber criminal’s movements.

According to IBM’s latest Cost of a Data Breach report, the average duration of a data breach, was 277 days - 204 days to detect the breach and a further 73 days to contain it. Furthermore, the human element is the critical factor in wider organisational failings. It really is a persistent problem and the common reason why the average time to remediate a breach is at least a year.

The fact that hacking attacks are inevitably likely to happen is now widely accepted and although attackers have the advantage, organisations must work harder to implement cyber security best practices.

National Crime Agency:     Sophos:    Crowdstrike:    ITPro:    CISO:    ZDNet:     Image: geralt

You Might Also Read: 

Nine Types of Modern Network Security Solutions:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 


 


 

« NIS2 Regulations Are Coming – Are You Ready?
Reimagining Your Cyber Infrastructure »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Council on Foreign Relations (CFR)

Council on Foreign Relations (CFR)

CFR is dedicated to better understanding the world and the foreign policy choices facing the USA and other countries. Cyber security is covered within the CFR topic areas.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

CyberESI

CyberESI

CyberESI is a Managed Security Service Provider providing 24x7 remote security monitoring and management of your mission-critical networks.

Consult Hyperion

Consult Hyperion

Consult Hyperion is an independent strategic and technical consultancy specialising in digital identity and secure electronic transactions.

RCDevs

RCDevs

RCDevs is an award-winning Software company providing security solutions designed for modern enterprise technologies and suited for SMEs to large corporations.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

Cardonet

Cardonet

Cardonet is an IT Support and IT Services business offering end-to-end IT services, 24x7 IT Support to IT Consultancy, Managed IT and Cyber Security.

SharkStriker

SharkStriker

SharkStriker is a US based managed security services provider with SOCs and offices across the globe.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

Transatlantic Cyber Security Business Network

Transatlantic Cyber Security Business Network

The Transatlantic Cyber Security Business Network is a coalition of UK and US cyber security companies which facilitates collaboration to help address critical cyber security challenges.

Solvo

Solvo

Solvo enables security teams and other stakeholders to automatically uncover, prioritize, mitigate and remediate cloud infrastructure access risks.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).