Tuesday, 27 February 2018 01:48

Intruders remain undetected in corporate networks an average of 86 days


Cloud endpoint protection provider CrowdStrike has released research revealing a threat spends an average of 86 days in a corporate network before it is detected, despite needing under two hours to move laterally to other systems on the network.

CrowdStrike’s Global Threat Report contains research from 176 countries and lists more than 90 billion threat events per day.

The report shows that in 2017, 39% of all attacks constituted malware-free intrusions which went undetected by traditional anti-virus, highlighting the necessity for stronger, smarter security tools than the signature-based methods of the past. Manufacturing, professional services and pharmaceutical industries faced the greatest number of malware-free attacks.

“Malware-free” refers to techniques that compromise the target without using malware, giving the intruder a higher chance of going undetected. Spear-phishing attacks, for example, aim to steal credentials, which are then used to log in and authenticate.

The evolution of the threat landscape beyond conventional security methods is further pronounced following the release of state-sponsored hacking tools, blurring the lines between statecraft and tradecraft, making advanced exploits available to all. Both WannaCry and NotPetya originated from stolen and leaked NSA code.

CrowdStrike’s Threat Graph data indicates an intruder can move to other systems within the network, once access has been gained, in an average of one hour and 58 minutes.

“They move typically through stolen credentials,” says Michael Sentonas, vice-president of Technology Strategy for CrowdStrike. “They get into the network far enough to steal credentials, or the credential they are using allows them to start escalating privilege. If I log into a network as you, it becomes hard for someone to detect if it is me or you.”

A malicious person can establish persistence, build backdoors and take other actions, safe from detection by traditional anti-virus tools.

“Every week we’re finding existing threats, even during proof-of-concept with new prospective customers,” Sentonas says. “They try the technology in the network to give it a go and see how it interacts with their systems and to get a feel for a real-world deployment. In many cases, the proof-of-concept evaluation flags something is going on. The company has been compromised. Maybe it’s an active intrusion, and maybe something is left over still communicating outside.”

The research further reveals extortion and weaponisation of data have become mainstream among cyber criminals, that nation-state-linked attacks and targeted ransomware are on the rise and could be used for geopolitical and militaristic exploration, and that supply chain compromises and crypto-fraud and mining present new attack vectors for state-sponsored and criminal actors.

“In 2018 we will see much of the same,” Sentonas says. “We will see continued successful ransomware attacks because organisations are not patching and are not as secure as they think they are. We're statistically due for another ransomware attack, and attacking the supply chain is likely the way it will happen.”

“The security industry does a good job of bubbling up important headlines but we sometimes lose relevancy. A lot of the security vendors say ransomware went up by 20% and this type of malware went up by this percent but at the end of the day who cares?” Sentonas says. “It's not relevant to the average person. When we talk about threat intelligence and learning and talk about what's happening there are a lot of techniques that prove the attackers are successful. So what do we learn?”

“For me, it’s about constantly challenging the architectures we use and rethinking how we can get better and improve our security posture. Some of the things attackers are doing are so successful we have to pause and rethink.”


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.
