The data in this report reveals that today’s cyberattacks manifest as increasingly complex, long-term campaigns. Employing high-level tools and techniques, attackers set out to colonize an organization’s infrastructure — allowing them to move throughout the network, inflicting maximum damage along the way.
Note the high percentage (59%) of respondents who say attacks nowadays involve lateral movement within a network. And a growing number of hackers won’t stop at a single network — they’re after your clients’ partner and customer infrastructure as well. A full 36% of our respondents say they see attacks where the victim was primarily used for island hopping.
This shift reflects an evolution in the way businesses use and handle data. On the one hand, more and more data is consolidated and shared among organizations. At the same time, this data is increasingly decentralized across networks due to cloud computing — making it harder for attackers to quickly find everything they want. “Our customers’ IT teams don’t even know where all their assets are,” one IR professional says. “So it makes sense that attackers need more time to figure it out.”
And as attacks become increasingly protracted and complex, eluding detection becomes a top priority for hackers: nearly half of respondents (46%) report seeing instances of counter-incident response.
What’s more, attackers are adapting to commonly employed security systems. Nearly two-thirds (64%) of respondents, for example, see instances of secondary C2 used on a sleep cycle during their IR engagements. This suggests that network-based protections, which are regularly deployed to shut off hackers’ secret passages in your network (C2), have ostensibly been rendered useless: attackers are using a second C2 that wakes up only after the initial one goes down.
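One way a defender might hunt for the failover pattern described above, as an added example that is not from the original report: the Python below flags destinations a host contacts for the first time shortly after one of its destinations was blocked. The log format, the host and domain names, and the 48-hour window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log: (timestamp, host, destination, action).
SAMPLE_LOG = [
    ("2024-01-10T08:00:00", "ws-17", "updates.example.com", "allowed"),
    ("2024-01-10T08:05:00", "ws-17", "c2-primary.example.net", "allowed"),
    ("2024-01-10T09:05:00", "ws-17", "c2-primary.example.net", "allowed"),
    ("2024-01-10T10:00:00", "ws-17", "c2-primary.example.net", "blocked"),
    ("2024-01-10T10:30:00", "ws-17", "updates.example.com", "allowed"),
    ("2024-01-11T02:00:00", "ws-17", "backup-c2.example.org", "allowed"),
    ("2024-01-10T08:10:00", "ws-22", "updates.example.com", "allowed"),
    ("2024-01-11T03:00:00", "ws-22", "news.example.com", "allowed"),
]

def find_failover_candidates(log, window=timedelta(hours=48)):
    """Return (host, blocked_dest, new_dest, delay) for every destination a
    host contacts for the first time within `window` after one of its
    destinations was blocked."""
    events = sorted((datetime.fromisoformat(ts), h, d, a) for ts, h, d, a in log)
    seen = defaultdict(set)     # host -> destinations already contacted
    blocks = defaultdict(dict)  # host -> {blocked dest: time of first block}
    findings = []
    for ts, host, dest, action in events:
        if action == "blocked":
            blocks[host].setdefault(dest, ts)
        elif dest not in seen[host] and dest not in blocks[host]:
            # First contact with this destination: does it follow a block?
            for blocked_dest, t_block in blocks[host].items():
                if timedelta(0) < ts - t_block <= window:
                    findings.append((host, blocked_dest, dest, ts - t_block))
        seen[host].add(dest)
    return findings

if __name__ == "__main__":
    for host, blocked, new, delay in find_failover_candidates(SAMPLE_LOG):
        print(f"{host}: first contact with {new} {delay} after block of {blocked}")
```

A secondary channel on a long sleep cycle can wake well outside a short window, so the window has to be tuned against how long proxy or flow logs are retained, and each hit is a lead for triage rather than a verdict.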