Downtime for defenders means party time for attackers

Adversaries do not keep to a typical working schedule


As 2023 draws to a close, cybersecurity teams may be looking forward to a well-deserved break before preparing for the year ahead.

However, the unfortunate truth is that adversaries do not keep to a typical working schedule and may see this downtime as an opportunity to attack.

Indeed, according to recent research by Sophos, payloads are typically launched outside of business hours, with many threat groups favouring evenings and weekends to launch attacks, and some coordinating activities to coincide with public holidays.

In addition, attackers are spending less time in networks, and are exfiltrating data faster than ever. Cybersecurity teams must therefore be ready to close the window quickly, stopping adversaries in their tracks.

Teams can't afford to take their eye off the ball, but they are only human. Over holiday periods and downtime, attackers have a greater chance of infiltrating networks, and once they are in, chances are they will steal data. This is why managed detection and response is an essential part of your security arsenal and why round-the-clock monitoring is needed to ensure adversaries do not take advantage of gaps in visibility.

A live webinar next week will look at how adversaries time their activities, and why the holidays may leave organisations especially vulnerable. Based on Computing's research, it will also explore why continuous, proactive monitoring and early detection are essential for organisations of all sizes.

And finally, it will look to the year ahead and what organisations should be doing to prepare for future threats.

Come along and bring your questions. We promise it will be time well spent.

Webinar Beyond the 9 to 5: How to protect yourself from 'after hours' cyber attacks, 6th December, 3pm. Register today.

 
