Report Finds Increasing Evidence of Cyber Attacks Penetrating Networks

A new study has identified a surge in the typical indicators of targeted attacks on today's networks. In a six-month study of 40 customer and prospect networks (a total of more than 250,000 hosts) across multiple industries, malware detection company Vectra Networks found a 580 percent increase in lateral movement detections and a 270 percent increase in reconnaissance detections compared to last year — both signs of targeted attacks that have penetrated a network's security perimeter. Nearly 25 percent of the data analyzed was from education networks.

"The increase in lateral movement and reconnaissance detections shows that attempts at pulling off targeted attacks continue to be on the rise," said Oliver Tavakoli, CTO for Vectra Networks, in a press release. "The attackers' batting average hasn't changed much, but more at-bats invariably has translated into more hits."

While the study found just 6 percent growth in command-and-control communication, high-risk Tor detections jumped by more than 1,000 percent, accounting for 14 percent of all command-and-control traffic. External remote access increased by 183 percent over last year.

In addition, a comparison of hidden tunnels in encrypted traffic vs. clear traffic revealed that "HTTPS is favored over HTTP for hidden tunnels, indicating an attacker's preference for encryption to hide their communications," according to a statement from the company.

Other findings include:

  • Botnet monetization behavior grew linearly compared to last year's report. Ad click-fraud was the most commonly observed botnet monetization behavior, representing 85 percent of all botnet detections.
  • Within the category of lateral movement detections, brute-force attacks accounted for 56 percent, automated replication accounted for 22 percent and Kerberos-based attacks accounted for 16 percent. Although only the third most frequent detection, Kerberos-based attacks grew by 400 percent compared to last year.
  • Of internal reconnaissance detections, port scans represented 53 percent while darknet scans represented 47 percent, which is fairly consistent with behavior detected last year.

The Post-Intrusion Report is available for download at the Vectra Networks site.

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].
