Targeted Attacks Cause Damage in Multiple Ways
Overall, 15 percent of hosts in the participating organizations experienced a targeted attack, according to a Vectra Networks report.
More than 11,000 hosts experienced one or multiple cyber-attacks that made it through perimeter defenses, and of these attacked hosts, 10 percent had detections for two or more attack phases, such as botnet monetization, command and control, reconnaissance, lateral movement and exfiltration, according to a Vectra Networks study.
The company's Post Breach Industry Report collected data over five months from more than 100,000 hosts within sample organizations to gain a deeper understanding of breaches that inevitably bypass perimeter defenses, and what attackers do once inside networks.
"The first goal of this report is to highlight indications of an attack that hide in plain sight. The security industry is accustomed to presenting information from the vantage point of perimeter and endpoint security, and they have over-invested in prevention and blocking technologies that depend on signatures and reputation lists," Oliver Tavakoli, Vectra Networks' chief technology officer, told eWEEK. "These techniques are decreasingly effective at stopping attacks and provide no insight into the attacks that get through the perimeter or what the attacker is doing once inside the network."
Tavakoli explained the second goal is to help organizations know what to look for as indications of an in-progress attack and understand the story they tell, which he said is especially true for targeted attacks that play out over days or weeks.
"Detecting a single behavior alone can't tell you what the attacker will ultimately try to steal," he said. "Targeted attackers are patient and stealthy; once you find them and see what they are doing, you can use this insight to inform your incident response team."