Lateral movement and reconnaissance detections observed in a Vectra Networks Post-Intrusion Report, released Tuesday, show a sharp upturn in targeted attacks that have penetrated the perimeter.
The report, which is the culmination of data collected over a six-month period from 40 of the company's customer and prospect networks that feature more than 250,000 hosts, found non-linear growth in lateral movement detections, which increased 580 percent from last year, while reconnaissance detections were up 270 percent. Overall, detections outpaced those recorded last year by 97 percent.
Firewalls and other perimeter security solutions are “holding their own” with attacks of opportunity like botnets, Wade Williamson, director of product marketing at Vectra Networks, told SCMagazine.com in a Monday interview. “They're not doing so good when the attacks are targeted” and attackers are trying to dig deeper into the networks.
While attackers are “getting good” at getting past the first wall of defense, they're not faring as well getting data out of the network. “They're getting in the front door at a far greater rate than they have in the past,” said Williamson. “But the exfiltration of data is relatively low,” he added.
Williamson attributed the uptick in detections in part to the “democratization of hacking tools,” which makes it easier for attackers to get in. He noted that the research indicated attacks have gone from being just the domain of “super sophisticated” hackers to being within reach of those with lesser skills.
Vectra found the least growth, six percent, in command and control communication. But “high-risk Tor” and external remote access grew by 1000 percent and 183 percent, respectively, the findings showed. Tor detections made up 14 percent of all C&C traffic.