Cybercriminals are directing increasingly sophisticated attacks against servers, networks, and mobile devices, in addition to notebooks and desktops, according to research from security vendor Sophos Ltd.
The new study, entitled “7 Uncomfortable Truths of Endpoint Security,” made its debut today in conjunction with the 2019 RSA Conference, a major security event currently underway in San Francisco.
Data from the report, which is based on input from 3,100 IT decision-makers at midsize businesses in 12 countries, indicates that the success rate for high-impact attacks like ransomware strikes is up significantly in the last year.
“It’s very, very scary that this many people in this survey had what they would consider a significant attack,” says Sophos Chief Product Officer Dan Schiappa.
Worse yet, he adds, many victims of significant attacks have little forensic insight afterwards into what happened and why. Indeed, 20 percent of IT managers at companies struck by a cyberattack last year can’t pinpoint how the attackers gained entry, according to the survey, and 17 percent don’t know how long the threat was present before it was detected.
“They could have been there for days, weeks, months. It was really unknown,” Schiappa notes.
Hackers who do penetrate a company’s defenses are increasingly focusing their attention on servers rather than PCs. Some 37 percent of detected intruders last year were found on servers, in fact, according to the Sophos research report. “We’re starting to see that they’re going after the crown jewels,” Schiappa says. “They know that the important data is on servers.”
Another 37 percent of discovered cybercriminals were located on the network, the new study shows, while 10 percent were spotted on mobile devices. That’s a disturbing but not surprising statistic to Schiappa.
“If you really look at the IT security landscape, we’re still seeing very few people care about, pay attention to, or even look at the mobile device as a key entry point,” he says. “The reality of it is these mobile devices are very, very sophisticated in their capabilities and certain platforms are actually quite prone to being hacked because of the accessibility and the way the operating system’s architected.”
Another recent trend noted by Sophos researchers is the declining prevalence of broad-based “spray and pray” attacks, which have long been the norm among ransomware practitioners. “What the hackers quickly found is that companies like Sophos got pretty astute at blocking those types of attacks, and something more sophisticated was necessary,” Schiappa says.
As a result, he continues, the latest exploits methodically sniff out gaps in vulnerable infrastructure components, like Remote Desktop Protocol systems and virtual private networks, and then use the resulting foothold to disable a victim’s backups and locate high-value data before ultimately launching a ransomware program.
Newly published reports from the Sophos Labs research unit detail two specific examples of that phenomenon, called GandCrab and Emotet. Both utilize more labor-intensive techniques than attackers have traditionally employed.
“Even though they had some sophistication to the way they infiltrated the environment through malware, it was still primarily kind of a hands-off type of an attack, where now what we’re seeing is a hands-on active adversary leveraging ransomware,” Schiappa says.