Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 30 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Industry’s First Cyber Weapons Study Reveals the Tools Attackers Use After Breaking into a Network

by The Gurus
July 1, 2016
in Editor's News
Share on FacebookShare on Twitter

LightCyber, a leading provider of Behavioural Attack Detection solutions, today announced the results of its Cyber Weapons Report 2016, a first-of-its-kind industry study which uncovers the top tools attackers use once they penetrate a network and work towards successfully conducting a data breach or other goals.
The study found that 99 percent of post-intrusion cyberattack activities did not employ malware, but rather employed standard networking, IT administration and other tools. While malware was commonly used to initially compromise a host, once inside a network, malicious actors do not typically utilise malware. As an example, Angry IP Scanner was the most common tool observed associated with anomalous attack behaviour, followed closely by Nmap. Attackers use common networking tools in order to conduct “low and slow” attack activities while avoiding detection. Sophisticated attackers using these tools—rather than known malware—can typically work undetected for an average of five months, according to multiple industry reports.
Once inside a network, an attacker must learn about the network that they’ve compromised and map its resources and vulnerabilities. The highest frequency attacker activity is reconnaissance followed by lateral movement and then command and control communication.
“The new Cyber Weapons Report uniquely reveals that malware is not the mechanism that network attackers use once they circumvent preventative security and compromise a network,” said Jason Matlof, executive vice president, LightCyber. “Despite these increasingly well understood realities, our industry still has an unshakable obsession with malware. With the increasing incidence of successful data breaches and theft of company secrets, it’s clear that the conventional malware-focused security infrastructure is insufficient, and we must develop new techniques to find active attackers using their operational activities.”
Results for the study were tabulated over six months, analysing end-user networks totalling 100,000s of endpoints worldwide. Sample organisations ranged in size from 1,000 to 50,000 endpoints, spanning industries such as finance, healthcare, transportation, government, telecommunications and technology.
The study analysed network activity gathered from the LightCyber Magna™ Behavioural Attack Detection platform, which is uniquely capable of automatically discovering the source software processes associated with the anomalous network behaviour observed. LightCyber Magna also automatically analysed these executable files via the Magna Cloud Expert System to augment the security operations investigative processes.
For a copy of the report, please go here.
Additional key findings of the study include:

  • SecureCRT, a SecureShell (SSH) and Telnet client, topped the list of admin tools employed in attacks, representing 28.5 percent of all incidents reviewed in this study. These admin tools generated security alerts associated with anomalous network attack behaviours, such as new admin behaviour, remote code execution and reverse connection (reverse shell), among others.
  • The most popular remote desktop tool used by attackers discovered in this study was TeamViewer, a cloud-based or locally hosted remote desktop and web conferencing product, which accounted for 37.2 of all incidents in the study. Remote desktop tools used by attackers manifested several anomalous attack behaviours, including command and control (tunneling) and lateral movement.
  • Attackers may leverage ordinary end-user programs like web browsers, file transfer clients and native system tools for command and control and data exfiltration activity. The most mundane applications, in the wrong hands, can be used for malicious purposes.

The LightCyber Magna platform uses behavioural profiling to learn what is normal on the network and endpoints, and thereby detects anomalous attacker behaviours that are, by necessity, required to perpetrate a successful breach or conduct malicious goals, including command and control, reconnaissance, lateral movement and data exfiltration. These behaviours can be identified early to reduce attacker dwell time and curtail attack activity. At the same time, Magna can identify harmful activity from insiders—rogue or unaware employees or contractors—that is either intentionally malicious or unknowingly dangerous. Magna presents a small number of actionable alerts with supporting contextual and investigative details to greatly enhance the efficiency of a security operations team in its detection and remediation operations.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

5 Common Mistakes to Avoid in Cyber Incident Response

Next Post

Satana Ransomware Encrypts Your Boot Record and Prevents Your PC from Starting

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 30, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information