Tuesday, 27 February 2018 01:48

Intruders remain undetected in corporate networks an average of 86 days


Cloud endpoint protection provider CrowdStrike has released research revealing a threat spends an average of 86 days in a corporate network before it is detected, despite needing under two hours to move laterally to other systems on the network.

CrowdStrike’s Global Threat Report contains research from 176 countries and lists more than 90 billion threat events per day.

The report shows that in 2017, 39% of all attacks constituted malware-free intrusions which went undetected by traditional anti-virus, highlighting the necessity for stronger, smarter security tools than the signature-based methods of the past. Manufacturing, professional services and pharmaceutical industries faced the greatest number of malware-free attacks.

“Malware-free” describes an intrusion that compromises the target without deploying malware, which gives the intruder a higher chance of going undetected. Spear-phishing attacks aim to steal credentials, which are then used to log in and authenticate as a legitimate user.

The evolution of the threat landscape beyond conventional security methods is further pronounced following the release of state-sponsored hacking tools, blurring the lines between statecraft and tradecraft, making advanced exploits available to all. Both WannaCry and NotPetya originated from stolen and leaked NSA code.

CrowdStrike’s Threat Graph data indicates an intruder can move to other systems within the network, once access has been gained, in an average of one hour and 58 minutes.

“They move typically through stolen credentials,” says Michael Sentonas, vice-president of Technology Strategy for CrowdStrike. “They get into the network far enough to steal credentials, or the credential they are using allows them to start escalating privilege. If I log into a network as you, it becomes hard for someone to detect if it is me or you.”

A malicious person can establish persistence, build backdoors and take other actions, safe from detection by traditional anti-virus tools.
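The detection problem Sentonas describes, a valid credential being reused to hop between hosts inside the two-hour breakout window, can be approached from the logon trail rather than from the binaries on disk. The following example is added here and is not CrowdStrike's code; it runs over a constructed set of logon events (the host and account names are invented) and flags an account that reaches more than an assumed threshold of distinct hosts within a sliding two-hour window, and separately reconstructs the hop chain where the account logs on from a host it had itself just logged on to.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of successful logon events (not data from the report):
# (timestamp, account, source host, destination host)
SAMPLE_LOGONS = [
    ("2018-02-01T09:00:00", "alice", "WS-ALICE", "WS-ALICE"),  # local logon
    ("2018-02-01T09:05:00", "alice", "WS-ALICE", "FILESRV01"),
    ("2018-02-01T13:10:00", "alice", "WS-ALICE", "WS-BOB"),    # credential reused
    ("2018-02-01T13:22:00", "alice", "WS-BOB", "SQL01"),
    ("2018-02-01T13:41:00", "alice", "WS-BOB", "DC01"),
    ("2018-02-01T14:02:00", "alice", "SQL01", "BACKUP01"),
    ("2018-02-01T09:30:00", "bob", "WS-BOB", "WS-BOB"),
    ("2018-02-02T09:31:00", "bob", "WS-BOB", "FILESRV01"),
]
WINDOW = timedelta(hours=2)  # roughly the 1h58m breakout time the report cites
HOST_THRESHOLD = 3           # assumed: distinct remote hosts tolerated per window

def remote_logons(events, account=None):
    """Time-ordered (ts, account, src, dst) rows, dropping local src == dst logons."""
    rows = [(datetime.fromisoformat(ts), acct, src, dst)
            for ts, acct, src, dst in events if src != dst]
    return sorted(r for r in rows if account is None or r[1] == account)

def find_breakout(events, window=WINDOW, threshold=HOST_THRESHOLD):
    """Accounts reaching more than `threshold` distinct hosts inside a sliding
    `window`; returns {account: (window_start_iso, sorted hosts)}."""
    by_account = defaultdict(list)
    for ts, account, _, dst in remote_logons(events):
        by_account[account].append((ts, dst))
    alerts = {}
    for account, logons in by_account.items():
        for i, (start, _) in enumerate(logons):
            hosts = {dst for ts, dst in logons[i:] if ts - start <= window}
            if len(hosts) > threshold:
                alerts[account] = (start.isoformat(), sorted(hosts))
                break
    return alerts

def pivot_hops(events, account):
    """Hops where the account logs on *from* a host it earlier logged on *to*:
    the chain shape of lateral movement on a reused credential."""
    reached, hops = set(), []
    for _, _, src, dst in remote_logons(events, account):
        if src in reached:
            hops.append((src, dst))
        reached.add(dst)
    return hops
```

The threshold and window are tuning knobs; in a real environment they would be set per account class (service accounts and administrators legitimately touch many hosts) and the alert would be enriched with the first-seen time so dwell time can be measured when the intrusion is confirmed.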

“Every week we’re finding existing threats, even during proof-of-concept with new prospective customers,” Sentonas says. “They try the technology in the network to give it a go and see how it interacts with their systems and to get a feel for a real-world deployment. In many cases, the proof-of-concept evaluation flags something is going on. The company has been compromised. Maybe it’s an active intrusion, and maybe something is left over still communicating outside.”

The research further reveals extortion and weaponisation of data have become mainstream among cyber criminals, that nation-state-linked attacks and targeted ransomware are on the rise and could be used for geopolitical and militaristic exploration, and that supply chain compromises and crypto-fraud and mining present new attack vectors for state-sponsored and criminal actors.

“In 2018 we will see much of the same,” Sentonas says. “We will see continued successful ransomware attacks because organisations are not patching and are not as secure as they think they are. We're statistically due for another ransomware attack, and attacking the supply chain is likely the way it will happen.”

“The security industry does a good job of bubbling up important headlines but we sometimes lose relevancy. A lot of the security vendors say ransomware went up by 20% and this type of malware went up by this percent but at the end of the day who cares?” Sentonas says. “It's not relevant to the average person. When we talk about threat intelligence and learning and talk about what's happening there are a lot of techniques that prove the attackers are successful. So what do we learn?”

“For me, it’s about constantly challenging the architectures we use and rethinking how we can get better and improve our security posture. Some of the things attackers are doing are so successful we have to pause and rethink.”




David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.


