Cyber criminals spend three months lurking in target networks (brief translation of the original note: cyber criminals lurk in target networks for three months)
ComputerWeekly.com | 2020-01-14 22:20
CrowdStrike said it saw a significant number of breaches by targeted adversaries that gained initial access more than 12 months before discovery and, in a handful of cases, more than three years. The firm said this clearly showed a need for better visibility and proactive threat hunting. It also indicated that, in some cases, state-sponsored threat actors were deploying countermeasures that let them stay hidden for longer, especially in organisations foolish enough to continue to use legacy security.

While inside the network, threat actors may take any number of actions. In a ransomware attack such as that experienced by Travelex, they may explore the target's backups and find out how they are organised so that they can encrypt live systems and backups together. This significantly increases their leverage over the target, and the potential for a successful attack, because the victim is unable to ignore their demands and simply restore their systems. It should be noted that at the time of writing, there is no indication that Travelex's backups have been encrypted.

"The 2019 services report offers organisations valuable takeaways to increase proactive security measures aimed at creating a more cyber resilient environment. As adversaries are stealthier than ever, with new attack vectors on the rise, we must remain agile, proactive and committed to defeat them. They still seek the path of least resistance – as we harden one area, they focus on accessing and exploiting another," said Shawn Henry, chief security officer and president of CrowdStrike Services.

The past 18 months or so have also seen a notable trend towards collaboration among threat groups to engage in "big game hunting" attacks, which focus on high-value data and assets inside large organisations that are more sensitive to downtime. Such attacks, usually involving ransomware, have become extremely lucrative for groups such as Wizard Spider, Indrik Spider and Doppel Spider, the non-state-affiliated groups behind some of the more widespread strains of malware.

CrowdStrike's researchers found that third-party compromises, where target networks are breached through their service providers, increasingly served as a force multiplier. Attackers are also turning their attention to cloud infrastructure, with exploitation of application programming interface (API) keys for public clouds on the rise. The researchers also revealed that environments running Apple's macOS are no longer the safe bet they have been in the past, with a rise in living-off-the-land attacks targeting them, taking advantage of the fact that security tooling is less widely deployed on macOS than on Windows systems.