
Attackers are spending a lot more time in your network

Here is some bad news from Sophos: the median time attackers spent on a network increased from 11 days in 2020 to 15 days in 2021.

This is according to the firm’s Active Adversary Playbook 2022, which it has released today. The research is based on 144 incidents that took place in 2021 in the US, Canada, the UK, Germany, Italy, Spain, France, Switzerland, Belgium, the Netherlands, Austria, the United Arab Emirates, Saudi Arabia, the Philippines, the Bahamas, Angola, and Japan.

The largest portion of attacks took place in the following sectors:

  • Manufacturing – 17 percent.
  • Retail – 14 percent.
  • Healthcare – 13 percent.
  • IT – 9 percent.
  • Construction – 8 percent.
  • Education – 8 percent.

The research contains a number of alarming findings, such as the fact that attackers linger in the networks of small companies (up to 250 employees) for 51 days, compared to 20 days in organisations with 3 000 to 5 000 employees.

“Attackers consider larger organizations to be more valuable, so they are more motivated to get in, get what they want and get out. Smaller organizations have less perceived ‘value,’ so attackers can afford to lurk around the network in the background for a longer period. It’s also possible these attackers were less experienced and needed more time to figure out what to do once they were inside the network. Lastly, smaller organizations typically have less visibility along the attack chain to detect and eject attackers, prolonging their presence,” explains senior security advisor at Sophos, John Shier.

Another interesting finding relates to a drop in the use of Remote Desktop Protocol for external access to a network. What Sophos has discovered, however, is that attackers make use of RDP for movement within an organisation. Sophos found the use of RDP for lateral movement in 82 percent of cases it studied.

More of a concern is the proliferation of data exfiltration in ransomware attacks.

“Seventy-three percent of incidents Sophos responded to in 2021 involved ransomware. Of these ransomware incidents, 50 percent also involved data exfiltration. Data exfiltration is often the last stage of the attack before the release of the ransomware, and the incident investigations revealed the mean gap between them was 4.28 days and the median was 1.84 days,” explained Sophos.

You can find a comprehensive write-up from the Active Adversary Playbook 2022 at this URL.

[Image – CC 0 Pixabay]
