Logs missing in 42% of cyberattacks; small businesses most vulnerable: Report

Sophos' Active Adversary Report found 83% of organisations targeted had fewer than 1,000 employees


Vasudha Mukherjee New Delhi


Telemetry logs, the records produced by collecting, transmitting and measuring data from systems, were found to be missing in 42 per cent of the cyberattacks analysed in Sophos' Active Adversary Report. Titled 'The Active Adversary Report for Security Practitioners', the report examines incident response (IR) cases handled by the global cybersecurity firm Sophos, drawing on 232 IR cases across 25 sectors between January 2022 and June 30, 2023.

Delving into cases of attacks, the report also found that in 82 per cent of these instances, cybercriminals deliberately disabled or eradicated telemetry to conceal their actions. The targeted organisations spanned 34 countries across six continents, with 83 per cent of cases originating from organisations with fewer than 1,000 employees.

Relevance of telemetry logs in cyberattacks

According to Sophos, "The telemetry you collect gives you insights that you can use to effectively administer and manage your IT infrastructure." Therefore, the absence of telemetry poses a significant challenge, diminishing visibility into organisational networks and systems, especially as the time from initial access to detection—known as attacker dwell time—continues to decrease. This reduction in response time intensifies the urgency for defenders to effectively counter incidents.

John Shier, field CTO at Sophos, emphasised how critical time is when responding to active threats. He stated, "Missing telemetry only adds time to remediations that most organisations can't afford. This is why complete and accurate logging is essential, but we're seeing that, all too frequently, organisations don't have the data they need."
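The two telemetry failures the report describes, logs deliberately cleared by an intruder and logs that simply stop arriving, both show up as detectable signals if a defender looks for them. The following Python snippet is an added example, not code from Sophos or from the report; the events are constructed sample data, and the only real identifiers used are Windows Event ID 1102 (Security log cleared) and Event ID 104 (System log cleared). It flags explicit log-clearing events and hosts whose telemetry has gone silent for longer than an expected reporting interval.

```python
"""Detect cleared logs and silent hosts in a small batch of telemetry events.

Added example: the events below are constructed, not taken from the report.
"""
from datetime import datetime, timedelta

# Constructed sample events. Windows Event ID 1102 ("The audit log was cleared",
# Security channel) and 104 ("The System log file was cleared", System channel)
# are real identifiers; hosts, users and timestamps are made up for illustration.
SAMPLE_EVENTS = [
    {"ts": "2023-06-01T08:00:00", "host": "ws-01", "channel": "Security", "event_id": 4624, "user": "alice"},
    {"ts": "2023-06-01T08:05:00", "host": "ws-02", "channel": "Security", "event_id": 4624, "user": "bob"},
    {"ts": "2023-06-01T09:00:00", "host": "ws-01", "channel": "Security", "event_id": 1102, "user": "svc-backup"},
    {"ts": "2023-06-01T09:30:00", "host": "ws-02", "channel": "Security", "event_id": 4688, "user": "bob"},
    {"ts": "2023-06-01T09:31:00", "host": "ws-03", "channel": "System", "event_id": 104, "user": "SYSTEM"},
    {"ts": "2023-06-01T11:00:00", "host": "ws-02", "channel": "Security", "event_id": 4624, "user": "bob"},
]

# (channel, event_id) pairs that record a log being wiped.
LOG_CLEAR_IDS = {("Security", 1102), ("System", 104)}


def find_log_clearing(events):
    """Return (host, timestamp, user) for every event that records a cleared log.

    These are the loud version of the problem: the intruder erased history and
    the act of erasing it left its own record, which should be alerted on."""
    return [
        (e["host"], e["ts"], e["user"])
        for e in events
        if (e["channel"], e["event_id"]) in LOG_CLEAR_IDS
    ]


def find_silent_hosts(events, now, max_gap):
    """Return hosts whose most recent event is older than `max_gap` before `now`.

    From the collector's side a disabled agent and a host that went quiet look
    identical, so the gap itself is the signal. `now` is a datetime and
    `max_gap` a timedelta chosen from the normal reporting cadence."""
    last_seen = {}
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["host"] not in last_seen or ts > last_seen[e["host"]]:
            last_seen[e["host"]] = ts
    return sorted(host for host, ts in last_seen.items() if now - ts > max_gap)


if __name__ == "__main__":
    # Evaluate the constructed batch as of noon with a two-hour tolerance.
    checkpoint = datetime.fromisoformat("2023-06-01T12:00:00")
    for host, ts, user in find_log_clearing(SAMPLE_EVENTS):
        print(f"ALERT log cleared on {host} at {ts} by {user}")
    for host in find_silent_hosts(SAMPLE_EVENTS, checkpoint, timedelta(hours=2)):
        print(f"WARN no telemetry from {host} in the last 2 hours")
```

In practice the `max_gap` tolerance would be derived from each host's usual reporting cadence rather than a fixed two hours, and the two checks complement each other: the first catches an intruder who wipes logs, the second catches one who stops them from being shipped at all.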

Ransomware attacks

Sophos' latest report also found that the "dwell time" for ransomware attacks fell 44 per cent year-on-year, an all-time drop of 72 per cent. This indicates that attackers are aware of improvements in defenders' ability to detect ransomware attacks. It also shows that attackers have a "well-developed playbook" and that many may be well-practised in carrying out these attacks.

The report categorised ransomware attacks with a dwell time of five days or less as "fast attacks," constituting 38 per cent of the cases studied. In contrast, "slow" ransomware attacks, with a dwell time exceeding five days, accounted for 62 per cent of the cases.


Examining these fast and slow ransomware attacks, Sophos noted minimal variation in the tools, techniques, and living-off-the-land binaries (LOLBins) employed by attackers. While this suggests that defenders do not need to overhaul their defensive strategies as dwell time shortens, the lack of telemetry can impede swift response times, leading to increased damage.

Defending against cyberattacks

Shier offered reassurance to organisations, stating, "The same defenses that detect fast attacks will apply to all attacks, regardless of speed. The key is increasing friction whenever possible—if you make the attackers' job harder, then you can add valuable time to respond, stretching out each stage of an attack."

The report also offers actionable intelligence that security practitioners can use to shape their defensive strategies. Organisations must protect everything and also be ready to investigate promptly, with a response plan on hand.

First Published: Nov 20 2023 | 4:01 PM IST
