Tuesday, 27 February 2018 01:48

Intruders remain undetected in corporate networks an average of 86 days


Cloud endpoint protection provider CrowdStrike has released research revealing a threat spends an average of 86 days in a corporate network before it is detected, despite needing under two hours to move laterally to other systems on the network.

CrowdStrike’s Global Threat Report contains research from 176 countries and lists more than 90 billion threat events per day.

The report shows that in 2017, 39% of all attacks constituted malware-free intrusions which went undetected by traditional anti-virus, highlighting the necessity for stronger, smarter security tools than the signature-based methods of the past. Manufacturing, professional services and pharmaceutical industries faced the greatest number of malware-free attacks.

“Malware-free” is a technique to compromise the target without using malware, giving a higher chance of going undetected. Spear-phishing attacks aim to steal credentials, which are then used to log in and authenticate.

The evolution of the threat landscape beyond conventional security methods has become more pronounced following the release of state-sponsored hacking tools, which blurs the lines between statecraft and tradecraft and makes advanced exploits available to all. Both WannaCry and NotPetya originated from stolen and leaked NSA code.

CrowdStrike’s Threat Graph data indicates an intruder can move to other systems within the network, once access has been gained, in an average of one hour and 58 minutes.

“They move typically through stolen credentials,” says Michael Sentonas, vice-president of Technology Strategy for CrowdStrike. “They get into the network far enough to steal credentials, or the credential they are using allows them to start escalating privilege. If I log into a network as you, it becomes hard for someone to detect if it is me or you.”

A malicious person can establish persistence, build backdoors and take other actions, safe from detection by traditional anti-virus tools.

“Every week we’re finding existing threats, even during proof-of-concept with new prospective customers,” Sentonas says. “They try the technology in the network to give it a go and see how it interacts with their systems and to get a feel for a real-world deployment. In many cases, the proof-of-concept evaluation flags something is going on. The company has been compromised. Maybe it’s an active intrusion, and maybe something is left over still communicating outside.”

The research further reveals extortion and weaponisation of data have become mainstream among cyber criminals, that nation-state-linked attacks and targeted ransomware are on the rise and could be used for geopolitical and militaristic exploration, and that supply chain compromises and crypto-fraud and mining present new attack vectors for state-sponsored and criminal actors.

“In 2018 we will see much of the same,” Sentonas says. “We will see continued successful ransomware attacks because organisations are not patching and are not as secure as they think they are. We're statistically due for another ransomware attack, and attacking the supply chain is likely the way it will happen.”

“The security industry does a good job of bubbling up important headlines but we sometimes lose relevancy. A lot of the security vendors say ransomware went up by 20% and this type of malware went up by this percent but at the end of the day who cares?” Sentonas says. “It's not relevant to the average person. When we talk about threat intelligence and learning and talk about what's happening there are a lot of techniques that prove the attackers are successful. So what do we learn?”

“For me, it’s about constantly challenging the architectures we use and rethinking how we can get better and improve our security posture. Some of the things attackers are doing are so successful we have to pause and rethink.”




David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.


