Vectra Networks’ Post Breach Report Reveals Attacker Habits

Vectra Networks’ Post Breach Report Reveals Attacker Habits

A new study shows that 10 percent of cyberattacks bypass end user security measures. What can you do to protect yourself?

Ten percent of hosts experience at least one or more cyberattacks that bypass enterprise security perimeter defenses, according to a new study by security solution provider Vectra Networks.

The company’s inaugural Post Breach Industry Report found about one out of every 10 hosts studied were infiltrated by malicious software capable of getting past their primary means of security, signaling that basic endpoint security isn’t always an adequate fix for companies seeking to prevent hackers from stealing valuable information.

“While many industry reports study perimeter defenses and app/web usage by authorized users on the network, The Post Breach Industry Report is the industry’s first which studied how many attacks successfully bypass perimeter security, and what attackers do once they gain network access,” said Oliver Tavakoli, CTO of Vectra Networks, in a statement.

Vectra studied 100,000 hosts within sample organizations over a period of five months to compile the information for its Post Breach Report. The study also found that of the 11,000 hosts who were breached, about 10 percent had detections for two or more attack phases, including botnet monetization, command and control, reconnaissance, lateral movement and exfiltration.

“Cyberattacks are increasingly sophisticated, highly organized, and successful despite $60 billion invested in cybersecurity annually worldwide,” said Tavakoli. “All of the attack phases detected are ones that evaded organizations’ perimeter and endpoint security systems.”

A total of 15 percent of all sample hosts in the study experienced some kind of targeted attack, in which the hacker specifically targeted the host before the attack was initiated. Overall, these attacks consisted of attackers establishing a stronghold and then performing reconnaissance through internal port scans, command and control communication and other means to infiltrate the targeted host.

About 85 percent of all recorded attackers were opportunistic in nature, with hackers were not targeting individuals personally but exploiting an apparent system weakness. Seven percent of all hosts experienced both botnet and exfiltration detections, which indicates the theft of credentials for use in additional targeted attacks, according to the report.

So what should you do if you’re worried about becoming the Target or Home Depot? It goes without saying every organization should have some kind of endpoint security protocol in place to deter attacks, but there are some other simple ways to lower the chances of suffering a major security breach.

For starters, make sure all your employee-owned devices follow a strict mobile security policy, and employees are well-educated on the risks associated with exposing corporate documents to potentially harmful apps or software. Also, avoid using unprotected Wi-Fi networks whenever possible, including those at your local Starbucks or at the airport. And, as always, have a contingency plan set up in case you do experience a breach; remember, it’s just as important to control what happens during and after an attack as it is to prevent one in the first place.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.