What cyberthreats are lurking about in your network?

Wade Williamson
June 23, 2015

Today, Vectra Networks published the second edition of its Post-Intrusion Report, which offers a first-hand look at modern threats that get past perimeter security and spread inside the network.

In the latest report, we analyzed behaviors and techniques across the entire lifecycle of real-world cyber attacks. We also looked back and saw alarming changes in the threat landscape and observed emerging trends in attack techniques.

Some of the key findings include:

  • Major increases in Internal Reconnaissance and Lateral Movement behaviors – While all detections grew due to an increased sample size, Internal Reconnaissance and Lateral Movement detections of an attacker spying and spreading within a network grew disproportionately. Both were the fastest growing categories of detections by far at 580% and 270% respectively. Both categories are strong indicators of a targeted attack and are potential indicators that targeted attackers are increasingly able to penetrate perimeter security controls.
  • Tor and External Remote Access are on the Rise – While Command-and-Control detections remained relatively flat, we observed strong growth in both Tor and External Remote Access attack detections. These particular detections are indicators of a targeted attack and their increase confirms an overall trend to more targeted attack behaviors.
  • Hidden tunnels within SSL – It is no surprise that attackers want to hide and obscure their communications whenever possible, and using hidden tunnels is one of their favorite techniques. Over the past year, Vectra data scientists zeroed in on this threat by developing techniques to detect hidden tunnels within DNS, HTTP and HTTPS.

Of particular importance, Vectra is now able to detect a hidden tunnel within HTTPS without decrypting the traffic. This led to the industry’s first apples-to-apples analysis of hidden tunnels across clear and encrypted Web sessions.

The results: HTTPS was the most commonly observed protocol used for hidden tunnels and was more than twice as popular for Command-and-Control traffic. This is an important reminder that attackers will hide in the areas where visibility is weakest.

These are just a few of the key findings in the report, so we encourage you to download the full report to see what is happening once attackers make it into the network.


About the author

Wade Williamson

Wade Williamson is a cybersecurity writer, product manager and marketer. Wade held a position as director of product marketing at Vectra with previous experience as a security researcher at Shape Security. Prior to Shape Security, he was a senior security analyst at Palo Alto Networks.
