
Post-Intrusion Report, June 2015

White Paper Published By: Vectra Networks
Published:  Aug 03, 2015
Type:  White Paper
Length:  12 pages

The Vectra Networks™ Post-Intrusion Report (PIR) provides a first-hand analysis of active and persistent network threats inside an organization. This study takes a multidisciplinary approach that spans all strategic phases of a cyber attack, and as a result reveals trends related to malware behavior, attacker communication techniques, internal reconnaissance, lateral movement, and data exfiltration.

Key Findings:

• 100% of the networks analyzed in the report exhibited one or more indicators of a targeted attack.
• Targeted attack indicators were on the rise, led by a 580% increase in lateral movement techniques along with a 270% increase in internal reconnaissance. A spike in these behaviors may indicate that attackers are increasingly successful at penetrating perimeter defenses.
• While command and control behaviors remained flat, the riskiest forms of command and control were on the rise with a marked increase in Tor as well as external remote access tools.
• For the first time, Vectra was able to perform a study of hidden tunnels without the need to decrypt SSL. This analysis showed that HTTPS is the preferred vehicle over HTTP for hidden tunnels.


