Report Finds Increasing Evidence of Cyber Attacks Penetrating Networks

A new study has identified a surge in the typical indicators of targeted attacks on today's networks. In a six-month study of 40 customer and prospect networks (a total of more than 250,000 hosts) across multiple industries, malware detection company Vectra Networks found a 580 percent increase in lateral movement detections and a 270 percent increase in reconnaissance detections compared to last year — both signs of targeted attacks that have penetrated a network's security perimeter. Nearly 25 percent of the data analyzed was from education networks.

"The increase in lateral movement and reconnaissance detections shows that attempts at pulling off targeted attacks continue to be on the rise," said Oliver Tavakoli, CTO for Vectra Networks, in a press release. "The attackers' batting average hasn't changed much, but more at-bats invariably has translated into more hits."

While the study found just 6 percent growth in command-and-control communication, high-risk Tor detections jumped by more than 1,000 percent, accounting for 14 percent of all command-and-control traffic. External remote access increased by 183 percent over last year.

In addition, a comparison of hidden tunnels in encrypted traffic vs. clear traffic revealed that "HTTPS is favored over HTTP for hidden tunnels, indicating an attacker's preference for encryption to hide their communications," according to a statement from the company.

Other findings include:

  • Botnet monetization behavior grew linearly compared to last year's report. Ad click-fraud was the most commonly observed botnet monetization behavior, representing 85 percent of all botnet detections.
  • Within the category of lateral movement detections, brute-force attacks accounted for 56 percent, automated replication accounted for 22 percent and Kerberos-based attacks accounted for 16 percent. Although only the third most frequent detection, Kerberos-based attacks grew by 400 percent compared to last year.
  • Of internal reconnaissance detections, port scans represented 53 percent while darknet scans represented 47 percent, which is fairly consistent with behavior detected last year.

The Post-Intrusion Report is available for download at the Vectra Networks site.

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].
