Live
- Common Mistakes to Avoid When Hiring Executive Manufacturing Recruiters in Mexico
- Thila Taila Abhishekah Pooja to Lord Shaneswara
- Priyanka Gandhi says BJP talking of 'tinkering' with Constitution with PM’s nod
- LS polls: PM Modi says BJP-NDA leading 2-0 after first two phases
- Plea in Madras HC seeks special polling arrangement for names 'missing' from Coimbatore voter list
- Ex CM KCR Bus tour on 4 th day
- Youth National Games 2024 kick-start in Delhi; over 5,000 athletes from 15 states vying for top honours
- TN Police warn people against fraudsters using AI-based voice cloning
- L-G office blames Saurabh Bharadwaj for delay in enhancing MCD Commissioner's financial powers
- ICICI Bank posts 17 per cent rise in Q4 net profit at Rs 10,707cr; declares dividend of Rs 10 per share
Cybercriminals wiped out logs in 82% of attacks with missing telemetry: Report
Representational Image
Cybercriminals disabled or wiped out logs in 82 per cent of attacks with missing telemetry between January 1, 2022, to June 30, 2023, a new report said on Thursday.
New Delhi: Cybercriminals disabled or wiped out logs in 82 per cent of attacks with missing telemetry between January 1, 2022, to June 30, 2023, a new report said on Thursday.
Telemetry automatically gathers, transmits and measures data from remote sources, using sensors and other devices to collect data.
As explained by the cybersecurity firm Sophos, gaps in telemetry decrease much-needed visibility into an organisation’s networks and systems, especially since attacker dwell time (the time from initial access to detection) continues to decline, shortening the time defenders have to effectively respond to an incident.
In the report, the researchers classified ransomware attacks with a dwell time of less than or equal to five days as “fast attacks,” which accounted for 38 per cent of the cases studied.
“Slow” ransomware attacks are those with a dwell time greater than five days, which accounted for 62 per cent of the cases.
"Missing telemetry only adds time to remediations that most organisations can’t afford. This is why complete and accurate logging is essential, but we’re seeing that, all too frequently, organisations don’t have the data they need," said John Shier, field CTO, Sophos.
According to the researchers, when examining these “fast” and “slow” ransomware attacks at a granular level, there was not much variation in the tools, techniques, and living-off-the-land binaries (LOLBins) that attackers deployed, suggesting defenders don’t need to reinvent their defensive strategies as dwell time shrinks.
"Cybercriminals only innovate when they must, and only to the extent that it gets them to their target. Attackers aren’t going to change what’s working, even if they’re moving faster from access to detection," said Shier.
The report is based on 232 Sophos Incident Response (IR) cases across 25 sectors. Targeted organisations were located in 34 different countries across six continents.
About 83 per cent of cases came from organisations with fewer than 1,000 employees.
