Cybercriminals Disabled or Wiped Telemetry in 82% of Attacks Where Logs Were Missing, Sophos Report Finds

Sophos, a global leader in innovating and delivering cybersecurity as a service, has released its Active Adversary Report for Security Practitioners, which found that telemetry logs were missing in nearly 42% of the attack cases studied.

In 82% of those cases with missing telemetry, cybercriminals had disabled or wiped out the logs to hide their tracks. The report covers Incident Response cases that Sophos analyzed from January 2022 through the first half of 2023.

Gaps in telemetry decrease much-needed visibility into organizations’ networks and systems, especially since attacker dwell time (the time from initial access to detection) continues to decline, shortening the time defenders have to effectively respond to an incident.
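The two telemetry failures the report describes, an attacker clearing logs on a host and a host that simply stops reporting, are both detectable from the log stream itself. The script below is an added example, not code from the report or from Sophos: it runs over a constructed batch of events and flags (1) the standard Windows events that record a log being cleared (Security event ID 1102, System event ID 104) and (2) hosts whose last event is older than a chosen gap threshold, which is how a defender notices that telemetry has gone missing before an incident responder does. Host names, timestamps and the 60-minute threshold are assumptions chosen for the example.

```python
"""Flag cleared logs and silent hosts in a batch of telemetry events.

Added example (not from the Sophos report). Sample events are
constructed; event IDs 1102 and 104 are the standard Windows
"log cleared" events for the Security and System channels.
"""
from datetime import datetime, timedelta

# (channel, event_id) pairs that record a log being wiped on the host.
LOG_CLEARED_EVENT_IDS = {
    ("Security", 1102),  # "The audit log was cleared"
    ("System", 104),     # "The <channel> log file was cleared"
}

# Constructed sample telemetry: (timestamp, host, channel, event_id).
SAMPLE_EVENTS = [
    ("2023-03-01T08:00:00", "ws-14", "Security", 4624),
    ("2023-03-01T08:05:00", "ws-14", "Security", 4688),
    ("2023-03-01T08:10:00", "ws-14", "Security", 1102),  # audit log cleared
    ("2023-03-01T09:50:00", "ws-14", "Security", 4624),
    ("2023-03-01T08:00:00", "srv-db1", "Security", 4624),
    ("2023-03-01T08:30:00", "srv-db1", "Security", 4688),
    # srv-db1 sends nothing after 08:30: a telemetry gap, not a clear event.
    ("2023-03-01T08:00:00", "srv-fs2", "System", 7036),
    ("2023-03-01T09:45:00", "srv-fs2", "System", 7036),
    ("2023-03-01T10:00:00", "srv-fs2", "System", 104),   # system log cleared
]


def _parse(events):
    """Turn ISO timestamp strings into datetime objects; other fields pass through."""
    return [(datetime.fromisoformat(ts), host, ch, eid) for ts, host, ch, eid in events]


def log_clear_alerts(events):
    """Return (iso_timestamp, host, channel) for every log-cleared event, in stream order."""
    return [
        (ts.isoformat(), host, ch)
        for ts, host, ch, eid in _parse(events)
        if (ch, eid) in LOG_CLEARED_EVENT_IDS
    ]


def silent_hosts(events, now_iso, max_gap_minutes=60):
    """Return hosts whose most recent event is older than max_gap_minutes at `now`.

    A host that has ever reported and then goes quiet is the gap the report
    warns about; a host that never reported is invisible to this check, which
    is why an inventory-driven heartbeat is still needed in practice.
    """
    now = datetime.fromisoformat(now_iso)
    max_gap = timedelta(minutes=max_gap_minutes)
    last_seen = {}
    for ts, host, _, _ in _parse(events):
        last_seen[host] = max(last_seen.get(host, ts), ts)
    return sorted(host for host, ts in last_seen.items() if now - ts > max_gap)


if __name__ == "__main__":
    for ts, host, ch in log_clear_alerts(SAMPLE_EVENTS):
        print(f"ALERT log cleared: {host} {ch} at {ts}")
    for host in silent_hosts(SAMPLE_EVENTS, "2023-03-01T10:00:00"):
        print(f"ALERT telemetry gap: {host} silent for more than 60 minutes")
```

Run against the constructed batch at 10:00, the script reports two cleared logs (ws-14 Security at 08:10, srv-fs2 System at 10:00) and one silent host (srv-db1). The second check is the one most teams lack: a host that stops forwarding events produces no event to alert on, so the absence itself has to be the trigger.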

“Time is critical when responding to an active threat; the time between spotting the initial access event and full threat mitigation should be as short as possible. The farther along in the attack chain an attacker makes it, the bigger the headache for responders. Missing telemetry only adds time to remediations that most organizations can’t afford. This is why complete and accurate logging is essential, but we’re seeing that, all too frequently, organizations don’t have the data they need,” said John Shier, field CTO, Sophos.

In the report, Sophos classifies ransomware attacks with a dwell time of less than or equal to five days as “fast attacks,” which accounted for 38% of the cases studied. “Slow” ransomware attacks are those with a dwell time greater than five days, which accounted for 62% of the cases.


When examining these “fast” and “slow” ransomware attacks at a granular level, there was not much variation in the tools, techniques, and living-off-the-land binaries [LOLBins] that attackers deployed, suggesting defenders don’t need to reinvent their defensive strategies as dwell time shrinks.

However, defenders do need to be aware that fast attacks and the lack of telemetry can hinder fast response times, leading to more destruction.

“Cybercriminals only innovate when they must, and only to the extent that it gets them to their target. Attackers aren’t going to change what’s working, even if they’re moving faster from access to detection. This is good news for organizations because they don’t have to radically change their defensive strategy as attackers speed up their timelines,” said Shier.

He added that the same defenses that detect fast attacks will apply to all attacks, regardless of speed. This includes complete telemetry, robust protections across everything, and ubiquitous monitoring.

“The key is increasing friction whenever possible—if you make the attackers’ job harder, then you can add valuable time to respond, stretching out each stage of an attack.

For instance, in the context of a ransomware attack, the introduction of more obstacles or barriers can result in a delay in the exfiltration phase. Exfiltration typically takes place shortly before detection and tends to be the most expensive phase of the attack.

This phenomenon was observed in two instances involving the Cuba ransomware. One company, referred to as “Company A,” had implemented continuous monitoring along with Managed Detection and Response (MDR) services.

As a result, we were able to identify the malicious activity promptly and thwart the attack within a few hours, preventing any data theft. In contrast, another company, “Company B,” lacked these friction-inducing measures.

They only became aware of the attack several weeks after the initial breach, by which time Cuba had already successfully exfiltrated 75 gigabytes of sensitive data.


Subsequently, they engaged our Incident Response (IR) team, and even a month later, they were still grappling with the challenge of returning to normal business operations.”

The Sophos Active Adversary Report for Security Practitioners is based on 232 Sophos Incident Response cases across 25 sectors from Jan. 1, 2022, to June 30, 2023. Targeted organizations were located in 34 different countries across six continents. Eighty-three percent of cases came from organizations with fewer than 1,000 employees.
