Hackers are now hiding inside networks for longer. That's not a good sign!!
Cybercriminals spend more time inside networks before they're discovered, and this allows them to do more damage.
The amount of time criminal hackers spend inside victims' networks is increasing, giving them the ability to carry out more complex campaigns and more damaging cyber attacks.
According to an analysis by Sophos cybersecurity researchers, who examined incidents targeting organizations around the world and across a wide range of industry sectors, the average time cyber criminals spend inside at-risk networks is now 15 days, up from 11 days a year earlier.
Dwell time is the amount of time hackers are inside the network before they're discovered or before they leave, and the ability to spend an increasing amount of time undetected inside a compromised network means they're able to conduct malicious activity more carefully, such as monitoring users, stealing data or laying the foundations for a malware or ransomware attack.
"Going deeper into networks only allows them to penetrate hard-to-reach areas and find that business-critical data," he added.
One of the main methods used by cybercriminals to gain initial access to networks is through unpatched vulnerabilities, something Sophos says is the root cause of 47% of the incidents they investigated last year.
Some of the most exploited were ProxyLogon and Microsoft Exchange Server vulnerabilities, which SharePoint describes as "widespread and easily exploitable", and one of the reasons cybercriminals were able to spend more time in networks is that many organizations were slow to apply security patches, or still had not applied them.
Among the organizations that struggle the most, and have the longest average dwell times, are small businesses (21 days) and educational organizations (34 days).
Typically, these organizations struggle to find the budget, resources, and enough information security personnel to effectively manage basic cybersecurity, not to mention the rapid detection of suspicious activity in the network.
Other techniques used by cybercriminals to penetrate the network include phishing attacks, as well as the use of stolen login credentials taken from previous data dumps. Hackers can also access networks using brute force attacks to break into accounts with weak or common passwords.
No matter how hackers enter the network or who they target, their ability to spend longer inside networks undetected is bad for those who are hacked.
"We've seen this – multiple attackers end up in the same network, multiple ransomware crews end up in the same network, and the same crew returns to the same network again because the company didn't close the hole in the first place after they recovered – that's what the longer dwell times are," Scheer said.
There are steps organizations can take to improve their cybersecurity defenses to prevent hackers from entering the network, including applying security updates as quickly as possible, especially on critical systems, to prevent cybercriminals from exploiting known vulnerabilities.
Providing users with multi-factor authentication also adds an extra layer of security, because even if hackers try to use stolen passwords, it provides an additional barrier to overcome.
But even with several layers of defense, it's possible that hackers can gain access to the network, so it's important to have an information security team in place that knows what regular activity looks like and can identify and investigate potentially harmful behavior.
"Security teams can defend their organization by monitoring and investigating suspicious activities. It's not always easy to spot the difference between benign and malignant," Scher said.
"Technology in any environment, whether cyber or physical, can do a lot but that is not enough in itself. Human expertise, skill, and responsiveness are a vital part of any security solution."

 