The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying.
The importance of IT security has been known for a long time, but you wouldn’t know that anyone was doing anything about it based on a new analysis of network security practices at a sampling of 36 companies in Eastern Europe. The 13-page study, “Top Cybersecurity Threats on Enterprise Networks,” which was performed using advanced network traffic analysis tools, found that 97% of the surveyed companies show evidence of suspicious activity in their network traffic and that 81% of the companies were subject to malicious activity.
The study, which is based on research gathered in 2019 by IT security vendor Positive Technologies, was released March 17. The companies that were evaluated in the research each had at least 1,000 employees and were reviewed for an average of one month as part of pilot projects for Positive Technologies’ latest Network Attack Discovery product.
Among the suspicious network activities revealed in the research were traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying, according to the report.
“In one in every three companies, there were traces of scans of its internal network, which could potentially mean that hackers are gathering intelligence inside the infrastructure. This includes network scans, multiple failed attempts to connect to hosts, and traces of collecting intelligence on active network sessions on a specific host or in the entire domain.”
Another alarming statistic from the research showed that 94% of the participating companies in the study suffered from noncompliance with their corporate security policies within their IT infrastructure systems, leaving them more vulnerable to successful cyberattacks, according to the report.
Noncompliance with IT security policies “has a direct impact on security deterioration, by practically opening the door for the hackers to exploit,” the report continued.
Also worrisome is that 81% of the participating companies are transmitting their sensitive data in clear text, that is, data that is neither encrypted nor intended to be, according to the research. By relying on clear text, companies make it possible for attackers to search network traffic for logins and passwords as they move between and across corporate networks.
Meanwhile, some 67% of the companies allow the use of remote access software, such as RAdmin, TeamViewer, and Ammyy Admin, which attackers can also abuse to move laterally across the network while remaining undetected by security tools, the report states.
In addition, workers in 44% of the companies use BitTorrent for data transfer, which can dramatically increase the risk of malware infection.
Ultimately, 92% of these network security threats were detected inside the perimeters of the companies that were surveyed, according to the report, which reveals the depth of the problems and the need for constant internal network monitoring.
In a statement, Evgeny Gnedin, the head of information security analytics for Positive Technologies, said the fight against corporate network attacks must be constant and must include a diverse group of tools and strategies to successfully fight malicious attackers.
“Traffic hiding is risky, because when the employees connect to Tor, set up proxy servers, and set up VPN to bypass websites blocking, the hackers can use the same technologies to communicate with command and control servers,” said Gnedin. “The attackers can use that to control the malware and trigger a payload attack.”
Network traffic analysis systems can help companies fight these attacks by analyzing real-time network traffic using machine learning algorithms, behavioral analysis, rules-based detection, threat-hunting capabilities, and other tools to detect suspicious network activity, malware activity, attempted exploitation of vulnerabilities on the perimeter and inside the network, noncompliance with information security and policies, and more.
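As an added illustration, not code from the report or from Positive Technologies’ product, the following Python script applies rules of the kind just described to a handful of constructed flow records: it flags the internal port sweep the report warns about (many distinct ports touched quickly, mostly unanswered), credentials sent in clear text over FTP and HTTP Basic authentication, and a session to a remote-access tool’s default listening port. The record fields, the thresholds, and the sample addresses and credentials are assumptions made for this example; the well-known port numbers are real.

```python
"""Rules-based network traffic triage over constructed flow records.

Added example, not Positive Technologies' Network Attack Discovery code.
It shows the shape of the rule logic the article describes, run against
a small hand-made set of flows. Field names and thresholds are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    ts: int          # seconds since start of capture (constructed)
    src: str         # source IP
    dst: str         # destination IP
    dport: int       # destination port
    proto: str       # "tcp" or "udp"
    answered: bool   # True if the peer replied (e.g. SYN/ACK seen)
    payload: bytes   # first bytes of client payload, empty if none


# Ports whose standard protocols carry credentials unencrypted (fact).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap"}

# Default listening ports of two remote-access tools named in the report (fact);
# whether they violate policy is an organisation's own call (assumed here).
REMOTE_ADMIN_PORTS = {4899: "RAdmin", 5938: "TeamViewer"}

# Scan thresholds are assumptions chosen for the sample, not product defaults.
SCAN_PORTS = 10        # distinct (host, port) targets one source touches ...
SCAN_WINDOW = 60       # ... within this many seconds ...
SCAN_FAIL_RATIO = 0.8  # ... with at least this share of attempts unanswered

# Credential patterns for FTP logins and HTTP Basic authentication headers.
CRED_PATTERNS = [
    (re.compile(rb"^(USER|PASS) ", re.M), "ftp-credential"),
    (re.compile(rb"^Authorization: Basic ", re.M), "http-basic-auth"),
]


def detect_scans(flows):
    """Flag sources that touch many distinct targets quickly, mostly unanswered."""
    by_src = defaultdict(list)
    for f in flows:
        if f.proto == "tcp":
            by_src[f.src].append(f)
    alerts = []
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        for i in range(len(fl)):
            window = [f for f in fl[i:] if f.ts - fl[i].ts <= SCAN_WINDOW]
            targets = {(f.dst, f.dport) for f in window}
            if len(targets) >= SCAN_PORTS:
                failed = sum(1 for f in window if not f.answered)
                if failed / len(window) >= SCAN_FAIL_RATIO:
                    alerts.append(("internal-scan", src, len(targets)))
                    break  # one alert per source is enough
    return alerts


def detect_cleartext_credentials(flows):
    """Flag credentials visible in payloads on cleartext protocol ports."""
    alerts = []
    for f in flows:
        if f.dport in CLEARTEXT_PORTS:
            for pat, name in CRED_PATTERNS:
                if pat.search(f.payload):
                    alerts.append((name, f.src, f.dst, f.dport))
                    break
    return alerts


def detect_remote_admin(flows):
    """Flag sessions to default ports of remote-access tools (policy check)."""
    return [("remote-admin-tool:" + REMOTE_ADMIN_PORTS[f.dport], f.src, f.dst)
            for f in flows if f.dport in REMOTE_ADMIN_PORTS]


def triage(flows):
    """Run all rules and return the combined alert list."""
    return (detect_scans(flows)
            + detect_cleartext_credentials(flows)
            + detect_remote_admin(flows))


# Constructed sample: one workstation sweeping twelve ports on a file server
# (all unanswered) plus one real SMB session, an FTP login sent in clear,
# an HTTP request with a Basic auth header, and an outbound TeamViewer session.
SAMPLE = (
    [Flow(t, "10.0.5.23", "10.0.1.10", 20 + t, "tcp", False, b"") for t in range(12)]
    + [Flow(30, "10.0.5.23", "10.0.1.10", 445, "tcp", True, b"")]
    + [Flow(100, "10.0.7.41", "10.0.1.20", 21, "tcp", True,
            b"USER alice\r\nPASS hunter2\r\n")]
    + [Flow(130, "10.0.7.42", "10.0.1.30", 80, "tcp", True,
            b"GET / HTTP/1.1\r\nAuthorization: Basic YWxpY2U6aHVudGVyMg==\r\n")]
    + [Flow(200, "10.0.7.43", "203.0.113.8", 5938, "tcp", True, b"")]
)

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```

The scan rule keys on behaviour (breadth of targets and failure rate) rather than on any single port, which is why the one successful SMB session from the same workstation does not suppress the alert; the credential rule only inspects ports where the protocol itself is unencrypted, so it would stay quiet on the same header carried over TLS.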