One factor that the miserable string of knowledge breaches this 12 months reveals is that cyber attackers have turn into expert at staging long-lasting information exfiltration campaigns.
Safety specialists aren’t clear whether or not it is a new development or one thing that corporations are lastly waking as much as solely now. Both method, the assaults symbolize an actual downside for corporations which can be nonetheless caught with perimeter-centric protection methods which can be targeted purely on holding intruders out of the enterprise community.
The assaults on corporations like Sony, Home Depot, and Goal over the previous 12 months present that many hackers have eschewed smash-and-grab assaults for campaigns which can be extremely focused and explicitly designed to extract enormous quantities of knowledge over a time period.
In most of the assaults, hackers used convincing spear-phishing campaigns to drop malware on focused programs and acquire an preliminary foothold on a company community. In different assaults, like those at Goal and Dwelling Depot, hackers used login credentials stolen from third events to achieve entry to their victims’ networks.
Each ways allowed attackers to comparatively simply bypass no matter perimeter safety controls the businesses might need caught on the fringe of their community. And as soon as inside, they leveraged a mix of customized malware instruments and common IT instruments to make their method across the community and extract information nearly at will with out being detected.
Learn the complete story on Dark Reading.
Jai Vijayan is a seasoned know-how reporter with over 20 years of expertise in IT commerce journalism. He was most not too long ago a Senior Editor at Computerworld, the place he coated data safety and information privateness points for the publication. Over the course of his 20-year … View Full Bio