The playbook is based on Sophos telemetry as well as 81 incident investigations and insight from the Sophos Managed Threat Response (MTR) team of threat hunters and analysts and the Sophos Rapid Response team of incident responders. The aim is to help security teams understand what adversaries do during attacks and how to spot and defend against malicious activity on their network.
Key findings in the playbook include:
Advertisement
•The median attacker dwell time before detection was 11 days – To put this in context, 11 days potentially provide attackers with 264 hours for malicious activity, such as lateral movement, reconnaissance, credential dumping, data exfiltration, and more. Considering that some of these activities can take just minutes or a few hours to implement – often taking place at night or outside standard working hours – 11 days offer attackers plenty of time to cause damage in an organization’s network. It is also worth noting that ransomware attacks t
May 24, 2021
Cyber attacks often go undetected in organisations’ systems, usually only detected when a ransom demand is made.
This is one of the findings in Sophos’s “Active Adversary Playbook 2021”, which details attacker behaviors and the tools, techniques and procedures (TTPs) that Sophos’ frontline threat hunters and incident responders saw in the wild in 2020. The TTP detection data also covers early 2021.
The findings show that the median attacker dwell time before detection was 11 days (264 hours), with the longest undetected intrusion lasting 15 months.
Ransomware featured in 81% of incidents and 69% of attacks involved the use of the remote desktop protocol (RDP) for lateral movement inside the network.
iTWire - Median attacker dwell time takes 11 days, ransomware widely used: report itwire.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from itwire.com Daily Mail and Mail on Sunday newspapers.
Sophos Launches XDR Solution that Synchronizes Native Endpoint, Server, Firewall, and Email Security
Sophos XDR extends new EDR capabilities across next-generation cybersecurity solutions, creating the most comprehensive and integrated threat detection and response system.
OXFORD, U.K., May 05, 2021 (GLOBE NEWSWIRE) Sophos, a global leader in next-generation cybersecurity, today announced Sophos XDR, the industry’s only extended detection and response (XDR) solution that synchronizes native endpoint, server, firewall, and email security. With this comprehensive and integrated approach, Sophos XDR provides a holistic view of an organization’s environment with the richest data set and deep analysis for threat detection, investigation and response.
“We’re seeing an extraordinarily high level of complex ransomware and other cybercrime, and the need for effective, comprehensive cybersecurity has never been more critical or urgent,” said Dan Schiappa, chief product officer at Sophos. “Sophos XDR is a game-changing new solution for proactively defending against the most sophisticated and evasive attacks, especially those that leverage multiple access points to gain entry, move laterally to evade detection, and do as much damage as possible as fast as possible.”
Attacks on Steroids
Advertisement
Sophos has published new research, “Intervention halts a ProxyLogon-enabled attack,” detailing an attack against a large organization that began when the adversaries compromised an Exchange server using the recent ProxyLogon exploit. The research shows how the attackers moved laterally through the network and, over a two-week period, stole account credentials; compromised domain controllers; secured a foothold on multiple