The majority of hackers claim they can breach an organisation within hours, while most security professionals admit they do not know what to look for.
The majority of cyber attackers (71%) can breach a targeted organisation within 10 hours, and 18% claim they could breach a target in the hospitality and food and beverage industries within an hour, according to the latest Nuix Black Report.
Nearly 60% said it was rare for them to encounter systems that they could not break into, 75% of hackers said they were rarely detected by their victims after an attack and 2% said they were never detected. Some 74% said they were rarely impressed by an organisation’s security posture and that most security professionals tasked with detecting attacks do not understand what they are looking for.
The report is based on a survey of more than 100 cyber incident responders and known hackers from 16 countries, revealing their attack methodologies, favourite exploits, and what defensive countermeasures they have found to be the most and least effective.
Which measures are most challenging?
When asked which countermeasures present the greatest challenge, 34% said host system hardening, followed by intrusion detection and prevention systems (18%), endpoint security (14%), and honeypots and other deception technologies (10%).
Only 8% said Microsoft’s Enhanced Mitigation Experience Toolkit and antivirus software were a challenge, and the least challenging were firewalls (5%) and user access controls (3%).
Once attackers have breached the perimeter, said the report, they can move laterally with ease to map out the target environment and find what they are looking for. Almost three-quarters of hackers said they could cover their tracks in less than 30 minutes.
Averaged across all industries, most respondents (54%) said they could find their target data within five hours, while large numbers could find the data they wanted in less than an hour in the hospitals and healthcare (38%), hospitality (33%), and retail (30%) industries.
Most popular methods of obtaining data
One-third of hackers said they often use social engineering as their preferred method of obtaining information about a target, while 62% favoured phishing attacks, 22% preferred in-person social engineering attacks on a target, and just 16% said their favourite way of using social engineering was over the phone. A total of 17% said they always used social engineering, and only 12% said they never used it.
Social engineering is a popular attack method, favoured by 27% of hackers, second only to network attacks, which were favoured by 28%. This was followed by phishing (22%) – which is really a subset of social engineering attacks – and waterhole attacks (7%).
Asked how often new tools or techniques are released to enable more efficient attacks, 37% of hackers said there are new tools available every one to two months, allowing them to regularly switch their methods of attack, but 22% said attack methodologies become outdated or easy to detect in the same time period.
A big majority (93%) of respondents said that after a penetration test, the client would most commonly not fix some or all of the vulnerabilities identified by the testers or investigators. Only 7% would remediate all the vulnerabilities found and then re-test to see whether they had plugged all the gaps.