Targeted attacks rise, cyber attackers spreading through networks, report says

The study assessed hidden tunnels without having to decrypt SSL traffic, Williamson pointed out. Hidden tunnels are used to “hide some communication within a protocol,” Williamson explained. Instead, researchers applied data science to network traffic.

This year the Vectra Networks research showed that HTTPS was favored by attackers for communications while HTTP, or clear channel, was used less frequently (by about half). “That's a good indication attackers are using hidden tunnels,” Williamson explained.

Lateral movement detections were mostly the work of brute-force attacks (56 percent) while automated replication accounted for 22 percent of the detections and Kerberos-based attacks represented 16 percent. The latter, though, increased non-linearly by 400 percent from last year's results.

Port scans, which identify activity further along in the attack process, accounted for 53 percent of the internal reconnaissance detections noted in the study while the remaining 47 percent were attributed to darknet scans, in keeping with the behavior reported in the company's 2014 report. The report also found that ad-click fraud, at 85 percent of all botnet detections, represented the most common form of botnet monetization, a behavior that grew linearly when compared to results from last year.

To counter the attacks, Williamson suggested that organizations take steps to establish a data-centric security model that protects data as an asset and to apply behavioral science to detect “bad behavior” within a network.