Cybercriminals Wipe Out Logs in 82% of Attacks With Missing Telemetry Between January 1 2022 to June 30 2023: Report

Cybercriminals Wipe Out Logs in 82% of Attacks With Missing Telemetry Between January 1 2022 to June 30 2023: Report

New Delhi, November 16: Cybercriminals disabled or wiped out logs in 82 per cent of attacks with missing telemetry between January 1, 2022, to June 30, 2023, a new report said on Thursday. Telemetry automatically gathers, transmits and measures data from remote sources, using sensors and other devices to collect data.

As explained by the cybersecurity firm Sophos, gaps in telemetry decrease much-needed visibility into an organisation’s networks and systems, especially since attacker dwell time (the time from initial access to detection) continues to decline, shortening the time defenders have to effectively respond to an incident. Porn Ad Shown on YouTube Videos, Google Takes Action After Reddit User Flags Sexually Explicit Content in Advertisement.

In the report, the researchers classified ransomware attacks with a dwell time of less than or equal to five days as “fast attacks,” which accounted for 38 per cent of the cases studied. “Slow” ransomware attacks are those with a dwell time greater than five days, which accounted for 62 per cent of the cases.

“Missing telemetry only adds time to remediations that most organisations can’t afford. This is why complete and accurate logging is essential, but we’re seeing that, all too frequently, organisations don’t have the data they need,” said John Shier, field CTO, Sophos.

According to the researchers, when examining these “fast” and “slow” ransomware attacks at a granular level, there was not much variation in the tools, techniques, and living-off-the-land binaries (LOLBins) that attackers deployed, suggesting defenders don’t need to reinvent their defensive strategies as dwell time shrinks. Microsoft Unveils New Text-to-Speech Avatar Tool That Enables Users To Create Talking Avatar Videos With Text Input.

“Cybercriminals only innovate when they must, and only to the extent that it gets them to their target. Attackers aren’t going to change what’s working, even if they’re moving faster from access to detection,” said Shier. The report is based on 232 Sophos Incident Response (IR) cases across 25 sectors. Targeted organisations were located in 34 different countries across six continents. About 83 per cent of cases came from organisations with fewer than 1,000 employees.

(The above story first appeared on Morning Tidings on Nov 16, 2023 04:34 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).

Be the first to comment

Leave a Reply

Your email address will not be published.


*