82% of Attacks Show Cyber-Criminals Targeting Telemetry Data

Cyber Security Threat Summary:
A new report from Sophos indicates that cyber-criminals are disabling or wiping out logs in 82% of incidents, making it difficult for organizations to trace back what happened on systems during a crisis. What's more, in a case study conducted by Sophos, nearly a quarter of the organizations investigated did not have appropriate logging in place for incident responders. Researchers attribute this to several factors, including insufficient retention, re-imaging, or a lack of configuration. "In an investigation, not only would this mean the data would be unavailable for examination, but the defenders would have to spend time figuring out why it wasn't available," stated researchers in a recent blog post.

Security Officer Comments:
According to Sophos, the average dwell time, the time attackers spend on a network before being detected by security solutions, has decreased. On top of this, attackers deleting telemetry and organizations lacking proper logging make it challenging for incident responders to take action and minimize the potential impact in the event of a breach.

Suggested Correction(s):
Organizations should work towards securing and maintaining their systems, as this increases the amount of work required for actors to carry out a successful attack. Isolating critical resources and segmenting networks can be crucial in minimizing the potential impact of attacks. Also, continuous monitoring of telemetry and adequate logging will help eliminate blind spots before actors can find them.
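As an added illustration of the monitoring point above (not code from Sophos or the report), the following Python checks a batch of forwarded Windows event records for two of the conditions the summary describes: an audit log being cleared (Windows Event ID 1102 for the Security log, 104 for the System log) and hosts that have gone silent or never reported, which is how missing or disabled logging shows up to a defender. The record layout, host names and sample events are constructed assumptions for the example.

```python
from datetime import datetime, timedelta

# Constructed sample records: minimal fields of Windows event log entries
# after forwarding to a central collector (field names are assumptions).
SAMPLE_EVENTS = [
    {"host": "ws01", "time": "2023-11-20T09:00:00", "channel": "Security", "event_id": 4624},
    {"host": "ws01", "time": "2023-11-20T09:05:00", "channel": "Security", "event_id": 1102, "user": "admin"},
    {"host": "srv02", "time": "2023-11-20T09:01:00", "channel": "System", "event_id": 7036},
    {"host": "srv02", "time": "2023-11-20T09:02:00", "channel": "System", "event_id": 104, "user": "svc"},
    {"host": "db03", "time": "2023-11-20T02:00:00", "channel": "Security", "event_id": 4624},
]

# Windows events written when an event log is cleared; these are the real IDs.
LOG_CLEAR_IDS = {
    ("Security", 1102): "Security log cleared",
    ("System", 104): "System log cleared",
}


def find_log_clearing(events):
    """Return one alert per event that records an audit log being cleared."""
    alerts = []
    for e in events:
        key = (e["channel"], e["event_id"])
        if key in LOG_CLEAR_IDS:
            alerts.append({"host": e["host"], "time": e["time"],
                           "reason": LOG_CLEAR_IDS[key], "user": e.get("user", "?")})
    return alerts


def find_silent_hosts(events, now, expected_hosts, max_gap=timedelta(hours=1)):
    """Return hosts in the inventory whose newest event is older than max_gap,
    or that never reported at all: a telemetry blind spot (forwarding broken,
    agent stopped, or logging never configured)."""
    last_seen = {}
    for e in events:
        t = datetime.fromisoformat(e["time"])
        if e["host"] not in last_seen or t > last_seen[e["host"]]:
            last_seen[e["host"]] = t
    silent = [h for h in expected_hosts
              if h not in last_seen or now - last_seen[h] > max_gap]
    return sorted(silent)


if __name__ == "__main__":
    now = datetime.fromisoformat("2023-11-20T09:30:00")
    for a in find_log_clearing(SAMPLE_EVENTS):
        print("ALERT", a)
    print("silent:", find_silent_hosts(SAMPLE_EVENTS, now, ["ws01", "srv02", "db03", "fw04"]))
```

In practice the inventory list would come from the asset database and the records from the SIEM or log forwarder, and both checks would run continuously rather than over a fixed batch.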