"82% of Attacks Show Cybercriminals Targeting Telemetry Data"
According to security researchers at Sophos, cybercriminals have been observed disabling or wiping out logs in 82% of incidents. The researchers stated that time is critical when responding to an active threat. The time between spotting the initial access event and full threat mitigation should be as short as possible. The researchers noted that the farther along in the attack chain an attacker makes it, the bigger the headache for responders. The researchers added that missing telemetry only adds time to remediations that most organizations can’t afford. This is why complete and accurate logging is essential, but the researchers say most don’t have the data they need. During the new study, the researchers categorized ransomware attacks based on dwell time, with attacks lasting five days or less labeled as “fast attacks,” constituting 38% of the cases examined. The remaining 62% are categorized as “slow” attacks, with a dwell time exceeding five days. Upon closer inspection of both fast and slow ransomware attacks, the researchers observed minimal variations in the tools, techniques, and deployment of living-off-the-land binaries (LOLBins) by attackers. The researchers stated that this suggests that defenders may not need to overhaul their defensive strategies as dwell time decreases.
Infosecurity reports: "82% of Attacks Show Cybercriminals Targeting Telemetry Data"
Submitted by Adam Ekwall
on
According to security researchers at Sophos, cybercriminals have been observed disabling or wiping out logs in 82% of incidents. The researchers stated that time is critical when responding to an active threat. The time between spotting the initial access event and full threat mitigation should be as short as possible. The researchers noted that the farther along in the attack chain an attacker makes it, the bigger the headache for responders. The researchers added that missing telemetry only adds time to remediations that most organizations can’t afford. This is why complete and accurate logging is essential, but the researchers say most don’t have the data they need. During the new study, the researchers categorized ransomware attacks based on dwell time, with attacks lasting five days or less labeled as “fast attacks,” constituting 38% of the cases examined. The remaining 62% are categorized as “slow” attacks, with a dwell time exceeding five days. Upon closer inspection of both fast and slow ransomware attacks, the researchers observed minimal variations in the tools, techniques, and deployment of living-off-the-land binaries (LOLBins) by attackers. The researchers stated that this suggests that defenders may not need to overhaul their defensive strategies as dwell time decreases.
Infosecurity reports: "82% of Attacks Show Cybercriminals Targeting Telemetry Data"