Research Library > Vectra Networks > Post-Intrusion Report, June 2015

Post-Intrusion Report, June 2015

Published By: Vectra Networks
Vectra Networks
Published:  Aug 03, 2015
Length:  12 pages

The Vectra Networks™ Post-Intrusion Report (PIR) provides a first-hand analysis of active and persistent network threats inside an organization. This study takes a multidisciplinary approach that spans all strategic phases of a cyber attack, and as a result reveals trends related to malware behavior, attacker communication techniques, internal reconnaissance, lateral movement, and data exfiltration.

Key Findings:

• 100% of the networks analyzed in the report exhibited one or more indicators of a targeted attack.
• Targeted attack indicators were on the rise, led by a 580% increase in lateral movement techniques along with a 270% increase in internal reconnaissance. A spike in these behaviors may indicate that attackers are increasingly successful at penetrating perimeter defenses.
• While command and control behaviors remained flat, the riskiest forms of command and control were on the rise with a marked increase in Tor as well as external remote access tools.
• For the first time, Vectra was able to perform a study of hidden tunnels without the need to decrypt SSL. This analysis showed that HTTPS is the preferred vehicle over HTTP for hidden tunnels.



Tagspost intrusion report, metadata, network threats, network security management, it security, botnet monetization, data exfiltration, security management