@Vectra_networks Post Intrusion Report 2015
The Vectra Networks™ Post-Intrusion Report (PIR) provides a first-hand analysis of active and persistent network threats inside an organization. This study takes a multidisciplinary approach that spans all strategic phases of a cyber attack, and as a result reveals trends related to malware behavior, attacker communication techniques, internal reconnaissance, lateral movement, and data exfiltration.
Key Findings:
• 100% of the networks analyzed in the report exhibited one or more indicators of a targeted attack.
• Targeted attack indicators were on the rise, led by a 580% increase in lateral movement techniques along with a 270% increase in internal reconnaissance. A spike in these behaviors may indicate that attackers are increasingly successful at penetrating perimeter defenses.
• While command and control behaviors remained flat, the riskiest forms of command and control were on the rise with a marked increase in Tor as well as external remote access tools.
• For the first time, Vectra was able to perform a study of hidden tunnels without the need to decrypt SSL. This analysis showed that HTTPS is the preferred vehicle over HTTP for hidden tunnels.
La comunidad se sustenta de los aportes de los integrantes, que basados en sus conocimientos y experiencias, le permiten al resto mejorar su nivel académico y profesional.
Key Findings:
• 100% of the networks analyzed in the report exhibited one or more indicators of a targeted attack.
• Targeted attack indicators were on the rise, led by a 580% increase in lateral movement techniques along with a 270% increase in internal reconnaissance. A spike in these behaviors may indicate that attackers are increasingly successful at penetrating perimeter defenses.
• While command and control behaviors remained flat, the riskiest forms of command and control were on the rise with a marked increase in Tor as well as external remote access tools.
• For the first time, Vectra was able to perform a study of hidden tunnels without the need to decrypt SSL. This analysis showed that HTTPS is the preferred vehicle over HTTP for hidden tunnels.
La comunidad se sustenta de los aportes de los integrantes, que basados en sus conocimientos y experiencias, le permiten al resto mejorar su nivel académico y profesional.
No hay comentarios.