Published on December 15th, 2016 | by Tony Thompson
Top Cyber Security Evasion and Exfiltration Techniques Exposed
Over the past year, SS8 has conducted breach detection risk assessments on live production networks, using the SS8 BreachDetect platform, for companies in key industries including critical infrastructure, retail, and education.
We’ve analyzed a whopping five billion high-definition records (HDRs) from a variety of environments, and from that, have now published what we refer to as our 2016 Threat Rewind Report.
The report summarizes the top evasion and exfiltration techniques actively being used by attackers across today’s networks.
You can download a copy of the report here: http://go.ss8.com/2016-Threat-Report
Why did we do this? Well, in short, we’re not seeing any slowdown in breach activity. All one has to do is check the news in any given week to find one or more new breach events publicly disclosed. (Note that I said “publicly.” So many are never known.)
These attacks hide in corporate networks and execute over long periods of time to avoid detection. According to Verizon’s 2016 Data Breach Investigations Report, the average dwell time for undetected network breaches is more than 200 days. Meanwhile, the total consolidated cost of a data breach was $4 million, according to the 2016 Cost of Data Breach Study conducted by the Ponemon Institute.
This Threat Rewind Report was published to help educate and better prepare today’s enterprises for the most sophisticated attack techniques hiding in today’s networks and evading preventative cybersecurity defenses.
While some of the findings are what you might expect to see from a sophisticated attack, others were enlightening. Sure, we saw nearly every attack displaying signs of traffic tunneling, and there have been lots of indications of malformed protocols in outbound traffic. But what about 30% of networks being infected with some form of audio-recording malware?
And while many of us have read about non-essential devices (sometimes referred to as Internet of Things, or IoT, devices) being used as an attack vector, we saw 70% of threats leveraging non-essential devices either to infiltrate the network or to exfiltrate data out of the corporate environment.
Check out the report to see the other key findings, and tell us what scares you most about the data.