Finance and technology are the sectors most resilient to cyber intrusions, new research from Vectra Networks has found.
The company released the results of its Post-Intrusion Report, based on data from a sample set of nearly 200 of its enterprise customers. Across thirteen industries, the report looked at the prevalence of attacker behaviours in strategic phases of the attack lifecycle: command-and-control (C&C), reconnaissance, lateral movement, botnet and exfiltration.
Over 90 days (January-March 2017), the company monitored 2,145,708 hosts. On these hosts, Vectra detected 1,805,188 different network behaviours that were condensed to 140,341 detections. These detections were then triaged down to 62,119 hosts, with 10,710 hosts prioritised as high or critical business risk.
They discovered healthcare to be the most frequently targeted industry, with 164 threats detected per 1,000 host devices, followed by education and media, which had 145 and 123 detections per 1,000 host devices, respectively. By comparison, the food and beverage industry came in as the least targeted industry with just 17 detections per 1,000 hosts.
Additional findings include:
- Attack rates are increasing across the board: The average numbers of reconnaissance, lateral movement and exfiltration detections have all increased by more than 265 per cent
- Hackers want what the media has: Media organisations experienced the highest rates of exfiltration, with 34 detections per 1,000 host devices. The industry’s high rates of exfiltration attempts can likely be attributed to its decentralised supply chain made up of small businesses with limited IT staff
- Entertainment experiences the most diverse attacks: The entertainment industry experienced above-average rates of the five attack behaviours measured. Only the food and beverage industry experienced below-average detections for all activity measured
- Setting the stage for WannaCry: Reconnaissance detections were up by 333 per cent when compared to 2016. Internal reconnaissance is a necessary first step for ransomware campaigns. The sharp increase in reconnaissance detections may be an early indicator of the recent rise of attacks such as WannaCry
- Botnet activity occurs most often in entertainment and was detected six times more than the average for all industries, followed by media. These opportunistic attack behaviours leverage hosts for external gain, such as bitcoin mining or outbound spam
- Finance and technology prove most resilient: These industries have below-average detection rates, with 37 and 38 detections per 1,000 hosts, respectively. This indicates the presence of stronger policies, mature response capabilities, and better control of the attack surface.
- Education and healthcare face a greater risk of exposure to cyber attacks, as they both contend with a level of openness in their networks.