The process of threat hunting involves proactively searching for malware or attackers that are hiding within a network. Rather than simply relying on security solutions or services to detect threats, threat hunting is a predictive element to a layered security strategy, empowering organizations to go on the offensive looking for threats.
In Part 2 of this two-part series, our goal is to provide security practitioners with better visibility, knowledge, and capabilities relative to malicious persistence techniques that impact organizations around the world every day. In this post, we’ll explore two additional persistence techniques that are being used by attackers in the wild: Scheduled Tasks (T1053) and BITS Jobs (T1197).
The FBI recently reported that in 2019, cybercrime cost businesses $3.5 billion, a number they say is likely grossly underestimated. Another study from Accenture that spanned 11 countries across 16 industries found that the complexity of attacks is also increasing. As a result, the average cost of cybercrime for an organization grew from $1.4 million to $13.0 million.
As a result of this ever-increasing volume and sophistication, SOC’s and SIEM’s using traditional, reactive measures are overwhelmed. More and more organizations are turning to detection and response solutions which combine threat intelligence and cyber expertise, to uncover and remediate threats as early as possible, and also to mitigate risk of future attacks.
For a very long time, cyber security measures had defensive features that aimed to build an impenetrable wall around your assets. Threat hunting practices shift this defensive approach to an offensive one. In this article, we discussed threat hunting and its use cases in great detail.
Threat hunting practices are gaining much more importance as hackers and cyber threats focus on improving their stealth. As a result, it is essential for organizations to take on a proactive stance on threat hunting. Continue reading to learn how you can manage that. What is threat hunting? Threat hunting is one of the fundamental cyber security practices. It aims to detect stealthy attacks and threats that go undetected by the traditional security measures.