Cybercriminals wiped out logs in 82% of attacks with missing telemetry: Report


New Delhi, Nov 16 (IANS): Cybercriminals disabled or wiped out logs in 82 per cent of attacks with missing telemetry between January 1, 2022, to June 30, 2023, a new report said on Thursday.

Telemetry automatically gathers, transmits and measures data from remote sources, using sensors and other devices to collect data.

As explained by the cybersecurity firm Sophos, gaps in telemetry decrease much-needed visibility into an organisation’s networks and systems, especially since attacker dwell time (the time from initial access to detection) continues to decline, shortening the time defenders have to effectively respond to an incident.

In the report, the researchers classified ransomware attacks with a dwell time of less than or equal to five days as “fast attacks,” which accounted for 38 per cent of the cases studied.

“Slow” ransomware attacks are those with a dwell time greater than five days, which accounted for 62 per cent of the cases.

"Missing telemetry only adds time to remediations that most organisations can’t afford. This is why complete and accurate logging is essential, but we’re seeing that, all too frequently, organisations don’t have the data they need," said John Shier, field CTO, Sophos.

According to the researchers, when examining these “fast” and “slow” ransomware attacks at a granular level, there was not much variation in the tools, techniques, and living-off-the-land binaries (LOLBins) that attackers deployed, suggesting defenders don’t need to reinvent their defensive strategies as dwell time shrinks.

"Cybercriminals only innovate when they must, and only to the extent that it gets them to their target. Attackers aren’t going to change what’s working, even if they’re moving faster from access to detection," said Shier.

The report is based on 232 Sophos Incident Response (IR) cases across 25 sectors. Targeted organisations were located in 34 different countries across six continents.

About 83 per cent of cases came from organisations with fewer than 1,000 employees.

 

 

  

Top Stories


Leave a Comment

Title: Cybercriminals wiped out logs in 82% of attacks with missing telemetry: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.