Recent research from Positive Technologies reveals that nearly all enterprises have come across suspicious network activities like traffic hiding.
Positive Technologies has cited network proxies, traffic hiding, VPN tunneling, and connections to the Tor anonymous network as some of the top suspicious activities enterprises are facing in their network traffic. The study, “Top Cybersecurity Threats on Enterprise Networks,” says nearly all (97%) of organizations have witnessed suspicious activity in their network traffic and that 81% of the companies were prone to malicious activity.
The study was performed in 2019 by running advanced network traffic analysis tools on the networks of 36 companies in Eastern Europe. As per the report, one in every three companies showed traces of scans of its internal network, suggesting that hackers were gathering intelligence inside the infrastructure. Cybercriminals tried to conduct network scans and had a number of failed attempts to connect to hosts. The research also noted traces of intelligence gathering on active network sessions, either on a particular host or throughout the domain.
A whopping 94% of the enterprises surveyed for the study suffered from noncompliance with their corporate security policies within their IT infrastructure systems, making them more vulnerable to successful cyber-attacks. Employees in 44% of the organizations use BitTorrent to transfer data, which can increase the risk of malware infection. The report further states that around 70% of organizations use remote access software like RAdmin and TeamViewer, which further increases their chances of being compromised by attackers. As per the study, 92% of these network security threats were detected inside the perimeters of the enterprises that were surveyed. These numbers reveal the need for constant internal network monitoring.
Companies should make a constant effort to fight against corporate network attacks and use an array of tools and strategies to combat hackers. They can also use network traffic analysis systems to tackle these attacks. Such systems analyze real-time network traffic using machine learning (ML) algorithms, behavioral analysis, threat-hunting capabilities, and other tools to detect suspicious network activity, attempted exploitation of vulnerabilities inside the network, noncompliance with information security policies, and more.