Attackers spend 11 days in a network before detection

No Comments
web threats

The median attacker dwell time before detection is 11 days or 256 hours, according to data from Sophos. That's time in which they're free to conduct malicious activity, such as lateral movement, reconnaissance, credential dumping, data exfiltration, and more.

The company has released an 'Active Adversary Playbook' detailing attacker behaviors and the tools, techniques and procedures (TTPs) that Sophos' frontline threat hunters and incident responders saw in the wild in 2020.

Other findings include that 90 percent of attacks seen involve the use of the Remote Desktop Protocol (RDP) -- and in 69 percent of all cases, attackers used RDP for internal lateral movement. While security measures for RDP, such a VPNs and multi-factor authentication tend to focus on protecting external access these don’t work if the attacker is already inside the network.

Ransomware was involved in 81 percent of the attacks Sophos investigated. The release of ransomware is often the point at which an attack becomes visible to an IT security team.

"The threat landscape is becoming more crowded and complex, with attacks launched by adversaries with a wide range of skills and resources, from script kiddies to nation-state backed threat groups. This can make life challenging for defenders," says John Shier, senior security advisor at Sophos. "Over the last year, our incident responders helped to neutralize attacks launched by more than 37 attack groups, using more than 400 different tools between them. Many of these tools are also used by IT administrators and security professionals for their everyday tasks and spotting the difference between benign and malicious activity isn’t always easy."

Other topics covered in the playbook include the tactics and techniques most likely to signpost an active threat and warrant closer investigation, the earliest signs of attack, the most widely seen stagers, threat types and malicious artefacts, and the most prevalent adversary groups seen.

You can see the full playbook on the Sophos site.

Image creditAndreus/depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

TCL 50 XL 5G Android smartphone hits Metro by T-Mobile: Big features, small price

The increasing sophistication of synthetic identity fraud

The NIST/NVD situation and vulnerability management programs

How AI will shape the future of the legal industry

Start menu ads are rolling out to all Windows 11 users -- here's how to turn them off

Qualcomm introduces Snapdragon X Plus for Windows PCs

Free test lets you check how websites measure up to privacy rules

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.