Concentrating resources on improving protections for computer networks will make it harder for hackers to gain access to protected data; however, according to a report from Vectra Networks, there is a high probability that hackers are already inside. In a recent analysis, every network examined showed some evidence of a targeted intrusion having already taken place.
Vectra analyzed the networks and endpoint devices of 40 enterprises, and every network, regardless of its size, was found to contain indicators of a targeted attack. More than a quarter of a million devices were analyzed by the network security company as part of the study.
Stages of a Malware Attack
The first stage is the infection of a PC or other device, either through a targeted attack such as a spear phishing campaign or through a less discriminating method of spreading the malware, for example infecting websites that victims visit. Once malicious code has been downloaded and run on the target machine, the attackers can begin making changes to the system.
Command and Control
The first phase of the attack proper begins once a foothold has been gained. The malware starts to communicate with the attackers' command and control infrastructure, identifying the infected machine and waiting for instructions. The attackers can then start to carry out their objectives, such as enlisting the PC in a botnet.
Botnets are often set up and additional malicious software installed, but hackers frequently opt for lateral movement instead; this occurred in 34% of cases according to the report. A further 13% of attacks involved reconnaissance, searching the network for other targets. Network reconnaissance has increased by 4% year on year as hackers look for more ways to exploit the owners of the hardware.
When data has been identified as valuable, the attacker moves to the final stage, data exfiltration, the most dangerous phase, in which data is stolen from the network. Once a channel has been set up, data stored on the computer can be copied out automatically, without the user or the IT department being aware.
Attackers Know Where to Hide to Avoid Detection
Hackers were found to have exploited a variety of security flaws to gain a foothold in computer systems. Once inside, they concentrate on setting up a covert network channel to send data out of the system without triggering alarms.
According to Wade Williamson, director of product marketing at Vectra Networks, “Once they get an exfiltration channel set up, they can leave it open to steal data for a long while.”
Hackers know how and where to hide their activities. According to the report, the most common hiding places are fake browser activity, newly generated domains, the TOR network, and external remote access. Peer-to-peer file sharing networks are believed to be used only infrequently, as are hidden HTTPS tunnels; yet it is the latter that pose one of the biggest data security threats, because hidden HTTPS tunnels are very difficult to spot. Hackers often hide code inside text fields and headers that not all anti-malware programs scan, have also found ways to hide code inside PNG image files, and take advantage of encrypted traffic to conceal what they are sending.
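As an added illustration, and not code from the Vectra report or from this article, the following Python script shows one way the two behaviors described above, periodic command and control beaconing and an outbound-heavy exfiltration channel left open over time, can be surfaced from ordinary connection logs even when the HTTPS payload itself is encrypted: it looks at timing and byte volume rather than content. The log format, the IP addresses (RFC 5737 documentation ranges), the sample flows and the thresholds are all constructed for the example.

```python
"""Flag periodic beaconing and outbound-heavy sessions in a connection log.

Hidden HTTPS tunnels conceal payload contents, but not the regularity of
the connections or the ratio of bytes sent to bytes received. This script
detects both from a simple flow log.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample flow log (not real data). One flow per line:
# timestamp src_ip dst_ip dst_port bytes_out bytes_in
#   10.0.0.5 -> 203.0.113.7  : small, near-constant 5-minute beacons (C2)
#   10.0.0.6 -> 198.51.100.20: irregular, download-heavy browsing (benign)
#   10.0.0.7 -> 203.0.113.9  : a few large uploads, tiny replies (exfil)
SAMPLE_LOG = """\
2016-03-01T09:00:00 10.0.0.5 203.0.113.7 443 640 512
2016-03-01T09:05:02 10.0.0.5 203.0.113.7 443 655 498
2016-03-01T09:10:01 10.0.0.5 203.0.113.7 443 648 505
2016-03-01T09:14:59 10.0.0.5 203.0.113.7 443 651 510
2016-03-01T09:20:00 10.0.0.5 203.0.113.7 443 644 503
2016-03-01T09:25:03 10.0.0.5 203.0.113.7 443 660 497
2016-03-01T09:29:58 10.0.0.5 203.0.113.7 443 649 507
2016-03-01T09:00:10 10.0.0.6 198.51.100.20 443 2100 184000
2016-03-01T09:01:45 10.0.0.6 198.51.100.20 443 1800 96000
2016-03-01T09:09:12 10.0.0.6 198.51.100.20 443 2500 310000
2016-03-01T09:31:40 10.0.0.6 198.51.100.20 443 1900 42000
2016-03-01T09:33:05 10.0.0.6 198.51.100.20 443 2200 58000
2016-03-01T09:03:00 10.0.0.7 203.0.113.9 443 2800000 4100
2016-03-01T09:18:00 10.0.0.7 203.0.113.9 443 3100000 3900
2016-03-01T09:40:00 10.0.0.7 203.0.113.9 443 2650000 4200
"""


def parse_flows(text):
    """Parse the constructed log format into a list of flow dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, out_b, in_b = line.split()
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": src, "dst": dst, "port": int(port),
            "bytes_out": int(out_b), "bytes_in": int(in_b),
        })
    return flows


def beacon_candidates(flows, min_flows=5, max_cv=0.1):
    """Return (src, dst, port, mean_interval_seconds) for connection pairs
    whose inter-connection gaps are nearly constant.

    A low coefficient of variation (stdev / mean) of the gaps is the
    signature of a timer-driven check-in rather than a human at a browser.
    """
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"], f["port"])].append(f["ts"])
    hits = []
    for key, times in by_pair.items():
        if len(times) < min_flows:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append((*key, round(mean)))
    return hits


def exfil_candidates(flows, min_out_bytes=1_000_000, min_ratio=10.0):
    """Return (src, dst, total_bytes_out, out_to_in_ratio) for pairs where
    the internal host sends far more than it receives.

    Browsing and downloads are inbound-heavy; a sustained outbound-heavy
    channel to one external host is the shape of data theft.
    """
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        t = totals[(f["src"], f["dst"])]
        t[0] += f["bytes_out"]
        t[1] += f["bytes_in"]
    hits = []
    for (src, dst), (out_b, in_b) in totals.items():
        ratio = out_b / max(in_b, 1)
        if out_b >= min_out_bytes and ratio >= min_ratio:
            hits.append((src, dst, out_b, round(ratio, 1)))
    return hits


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for src, dst, port, interval in beacon_candidates(flows):
        print(f"beacon: {src} -> {dst}:{port} every ~{interval}s")
    for src, dst, out_b, ratio in exfil_candidates(flows):
        print(f"exfil:  {src} -> {dst} sent {out_b} bytes, out/in ratio {ratio}")
```

Both checks are triage signals rather than verdicts: legitimate software (update checkers, mail clients, monitoring agents) also beacons on a timer, and backups or cloud sync are outbound-heavy by design, so the hits should be compared against an allow list of known destinations before anyone is paged. The value of the approach is that it keeps working when the tunnel is encrypted and when the payload is disguised as an image or hidden in a header, since timing and volume are visible to the network regardless of content.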
Still Time for Organizations to Act
While all systems showed signs of attack, not all were at the most critical stage, giving the organizations concerned time to take steps to remove the malware and improve their security defenses. Only 3% of intrusions had reached the final exfiltration stage.
Healthcare providers and other covered entities that are not yet conducting regular malware scans are taking a considerable risk. Hackers could already be inside their networks stealing data on patients and employees. Regular and thorough anti-malware scans, combined with monitoring of network traffic for the command and control and exfiltration behavior described above, are needed to identify unwanted programs before they can be activated by hackers and used to steal healthcare data.
The study covered organizations ranging from small ones with fewer than 1,000 users to large corporations with more than 50,000 users. Each participant received a scan of its network using Vectra’s software; some were already clients of Vectra, while others had not previously used the software.