Downtime for defenders means party time for attackers

Adversaries do not keep to a typical working schedule


As 2023 draws to a close, cybersecurity teams may be looking forward to a well-deserved break before preparing for the year ahead.

However, the unfortunate truth is that adversaries do not keep to a typical working schedule and may see this downtime as an opportunity to attack.

Indeed, according to recent research by Sophos, payloads are typically launched outside of business hours, with many threat groups favouring evenings and weekends to launch attacks, and some coordinating activities to coincide with public holidays.

In addition, attackers are spending less time in networks, and are exfiltrating data faster than ever. Cybersecurity teams must therefore be ready to close the window quickly, stopping adversaries in their tracks.

Teams can't afford to take their eye off the ball, but they are only human. Over holiday periods and downtime, attackers have a greater chance of infiltrating networks, and once they are in, chances are they will steal data. This is why managed detection and response is an essential part of your security arsenal and why round-the-clock monitoring is needed to ensure adversaries do not take advantage of gaps in visibility.

A live webinar next week will look at how adversaries time their activities, and why the holidays may leave organisations especially vulnerable. Based on Computing's research, it will also explore why continuous, proactive monitoring and early detection are essential for organisations of all sizes.

And finally, it will look to the year ahead and what organisations should be doing to prepare for future threats.

Come along and bring your questions. We promise it will be time well spent.

Webinar Beyond the 9 to 5: How to protect yourself from 'after hours' cyber attacks, 6th December, 3pm. Register today.

 
