Bitcoin, Tor, and Phishing Attacks Involving Popular Domains Found in Most Networks
Milpitas, Calif., Mar. 21, 2018 — SS8, the network intelligence company, today released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders.
Download the SS8 Threat Rewind Report here: http://go.ss8.com/2018-Threat-Report
During the past year, SS8 sensors and analytics deployed globally within live production networks have detected a variety of techniques used to compromise and steal data (intellectual property) from organizations in key industries spanning critical infrastructure, enterprises and telecommunications.
Some of the key findings include:
- 28% had security incidents involving SSH. SSH is the most popular protocol used for remotely accessing machines. A common authentication method used in SSH is a username/password combination. In SSH attacks, command-and-control sessions are also disguised as regular SSH traffic.
- 25% had Bitcoin traffic. This could signal a potential ransomware infection involving malware such as Cryptolocker, Locky, WannaCry, and Petya. This may also indicate that employees are engaging in illegal or unauthorized Bitcoin mining.
- 21% had Tor traffic. Tor is normally not allowed in corporate networks, as it can be used to access blocked or restricted websites. Tor can also be used to access hidden Tor services, some of which host questionable content.
The Threat Rewind Report was published to help educate and better prepare today’s large enterprises, service providers and national governments about the most sophisticated attack techniques hiding in today’s networks and evading preventative cybersecurity defenses. SS8 provides this report to help our ecosystem partners. To produce the Threat Rewind Report, SS8 Networks analyzed approximately 20 billion high-definition network records from production networks in 2017.
“The most significant learning for us in 2017 was that prevention techniques were not enough to stop the sophisticated and targeted attacks,” said Dennis Haar, CEO for SS8 Networks. “Known vulnerabilities, human errors and insider threats all contributed to some of the biggest hacks in recent history. Our analysis reaffirmed that network intelligence is absolutely key to detecting malicious activity in the early stages to prevent damage and harm to the enterprise. Detection techniques have become more focused and enable us to find both immediate dangers with time history available for device and individual forensics.”
About SS8 Networks
SS8, the network intelligence company, provides solutions to help customers quickly identify, track and investigate devices and subjects of interest. By generating, storing and recursively analyzing high-definition metadata records extracted from network packets, SS8 customers gain unprecedented intelligence for investigating what matters most. SS8 is trusted by six of the largest intelligence agencies, eight of the 14 largest communications providers and five of the largest systems integrators. Visit www.ss8.com or follow us on Twitter @SS8.