Cyberattacks: What happens post-intrusion?

The Vectra Networks June 2015 Post-Intrusion Report provides first-hand insight and analysis of active and persistent network threats inside organizations.

[Infographic; only the text and figures that survived extraction are kept below.]

THE STRATEGIC PHASES OF ATTACK

Command and control: attackers send hidden communications using HTTP, HTTPS and DNS; a wide range of malicious communication techniques.
Botnet activity: how criminals make money with ad click-fraud, spamming and DDoS attacks.
Internal reconnaissance: reconnaissance performed by an attacker inside the network.
Lateral movement: used to spread malware and authentication-based attacks such as using stolen passwords.
Exfiltration: theft of data.

TARGETED ATTACKS

100% of networks showed signs of attacks that penetrated the security perimeter.

Threats detected by category (targeted and opportunistic threats): command and control, botnet activity, internal reconnaissance, lateral movement and exfiltration. The chart values are 34%, 32%, 18%, 13% and 3%; the chart mapping each value to its category did not survive extraction.

MOST DANGEROUS DETECTIONS ARE ON THE RISE

Percentage growth in the number of detections from 2Q14 to 2Q15:
Lateral movement: 580%
Reconnaissance: 270%
Botnet: 84%
Exfiltration: 43%
Command and control: 6%

HIDDEN TUNNELS SPIKE

Command and control and exfiltration are increasingly hidden in tunnels within HTTP, HTTPS and DNS, with HTTPS being the most popular channel.

BOTNETS FOLLOW THE MONEY

Botnet monetization. Top five activities of botnets: abnormal ad activity (85%), abnormal web activity, outbound scan, outbound DoS and brute-force attack (the remaining four share the chart values 5%, 4%, 3% and 2%).

FIVE THREAT TRENDS TO WATCH

1. Reconnaissance: internal reconnaissance performed by an attacker inside the network. Port scans represented 53% and darknet scans represented 47% of reconnaissance detections.

2. Lateral movement: Kerberos-based attacks grew 400% compared to last year. Brute-force attacks accounted for 56% of lateral movement detections.

3. Command and control: hidden pipelines of information. Command and control and exfiltration are increasingly hidden in tunnels within HTTP, HTTPS and DNS, with HTTPS being the most popular channel. High-risk Tor detections jumped by more than 1200%. External remote access jumped by 183%.

4. Botnets: botnet monetization behavior grew linearly compared to last year. Ad click-fraud represented 85% of all botnet detections.

5. Exfiltration: theft of data; exfiltration detections grew 43% from 2Q14 to 2Q15.

Know what happens when attackers breach the perimeter.
Get the full Post-Intrusion Report at http://info.vectranetworks.com/post-intrusion-report-2015 or email us at info@vectranetworks.com.
www.vectranetworks.com