
Earlier cyberattack detection, but criminals have sped up attacks: Sophos

Ai Lei Tao
Last updated: August 30, 2023 at 3:39 PM
Published: August 30, 2023

Businesses are now taking less time to discover cyber attacks, but in a tight race, criminals are also speeding up their efforts to hack into their victims’ systems, according to cybersecurity firm Sophos.

The median time from the start of an attack to its detection, known as the dwell time, has decreased from 10 to eight days for all attacks and to five days for ransomware attacks, according to a recent analysis of Sophos Incident Response (IR) cases from January to July 2023. This follows a drop from 15 to 10 days in 2022.

However, while there are improved defences, attackers, especially experienced and well-resourced ransomware affiliates, continue to speed up their noisy attacks.

Sophos discovered that it took attackers roughly 16 hours on average to access the Active Directory (AD), one of a company’s most crucial assets.

Since AD often controls access to resources and identities throughout an organisation, attackers can utilise AD to quickly elevate their privileges on a system, allowing them to log in and engage in a variety of nefarious actions.

“When an attacker controls AD, they can control the organisation,” said John Shier, field CTO of Sophos. “The impact, escalation, and recovery overhead of an Active Directory attack is why it’s targeted.”

Gaining control of the Active Directory server allows attackers to linger undetected to determine their next move. When they are ready to strike, they can penetrate a victim’s network unimpeded. 

“Such an attack damages the foundation of security upon which an organisation’s infrastructure relies. Very often, a successful AD attack means a security team has to start from scratch,” said Shier.

Another finding from Sophos was that the dwell duration for ransomware assaults has decreased.

Ransomware attacks made up 69 per cent of the IR cases analysed, making them the most common type of attack, and their median dwell time was only five days.

In 81 per cent of ransomware cases, the final payload was launched outside of regular business hours, and only 5 per cent of those deployments occurred on a weekday.

As the week progressed, the number of attacks detected increased. Nearly half (43 per cent) of ransomware attacks were detected on either Friday or Saturday.

The growing adoption of technologies and services like extended detection and response (XDR) and managed detection and response (MDR) has improved the ability to detect attacks sooner, said Shier.

“In some ways we’ve been victims of our own success,” he noted.

Ai Lei is a writer who has covered the technology scene for more than 20 years. She was previously the editor of Asia Computer Weekly (ACW), the only regional IT weekly in Asia. She has also written for TechTarget's ComputerWeekly, and was editor of CMPnetAsia and Associate Editor at Computerworld Singapore.