October 24, 2024  —  Acronis

Ghost in the machine: When cyberattacks go undetected

Acronis
Acronis Cyber Protect Cloud
for service providers

Imagine someone rifling through your files right now, stealing your or your clients’ data, preparing to hold it for ransom or maybe just sell it on the dark web. Now think about this: It could be happening now, and you wouldn’t know it.

Cyberattacks aren’t like old-fashioned bank robberies. There are no dramatic entrances, tense standoffs or noisy conflicts like in the movies. Today robbers do their work from some remote location and, more to the point, they do it quietly. So quietly, in fact, that cyberattacks routinely go on for weeks or months before organizations sniff them out.

Acronis

Things that go bump in your servers

IBM reports that the average phishing attack lasts 261 days — and that’s just the average. How much damage could a cyber attacker do with nine months to invade your system and steal your data? A lot, as it turns out: IBM found that the average data breach has cost the victim $4.88 million in 2024, a 10% increase from 2023.

The prospect of any data breach is scary, but the thought that an attacker could fundamentally take over an organization’s data for weeks or months is downright terrifying. Consider that cyberattackers took only about a week to cripple Change Healthcare in one of the largest data breaches in U.S. history. Given months or years, attackers could completely devastate a business.

Acronis

The call is coming from inside the house: True tales of cyberattacks

The list of massive data breaches is almost as long as it is legendary. The biggest of them all, an infamous 2013 Yahoo breach that compromised all of the company’s three billion accounts lasted for three years. Not months, years. Granted, that breach is an outlier, and it’s now more than a decade old.

But even in 2024, breaches with surprisingly long durations have plagued some very recognizable victims. Consider these terrifying tales from this year alone:

High-level Microsoft emails exposed for weeks

In January 2024, Microsoft disclosed that a group of cyberattackers had access to senior executives’ emails for at least six weeks. Six weeks seems like a short period of time when the average cyberattack lasts almost nine months, and it is. But imagine a cyberattacker having access to some of your or your clients’ most sensitive information for weeks.

And then consider that Microsoft is a massive global corporation that actually develops its own security applications. In theory, Microsoft should be one of the safest operations in the world. And yet a group of attackers were able to read extremely sensitive executive and legal emails for more than a month. One of the world’s most secure companies took more than a month to spot a breach. How long would most small businesses need?

Dell systems compromised for nearly three weeks

Along the same lines as Microsoft, Dell is a technology company that should be among the most secure organizations in existence. But in May 2024, cyberattackers penetrated Dell’s defenses and had access to the company’s systems for nearly three weeks. Again, a company full of technical experts couldn’t detect a breach for nearly a month.

This time, the damage went far beyond executive emails. The attackers stole and reportedly sold information from 49 million records related to systems customers bought from Dell between 2017 and 2024. The point here isn’t that Dell or Microsoft is poor or derelict in protecting data. Both are extremely reputable companies with armies of high-level security professionals. The point is that if an attacker can steal records from Dell for weeks, breaching a small business for months will be relatively easy.

Attackers steal MITRE data for months

This might be the most shocking example of all. MITRE, a nonprofit company that conducts research and development and even has an extremely reputable cybersecurity knowledge base, said in April 2024 that attackers had breached one of its research and prototyping networks.

And how long were attackers able to access MITRE’s network before being detected? About three months. The attack began in January, and MITRE didn’t disclose it until April. The company acknowledged that the cyberattack endured despite MITRE employing best practices. A company that routinely works with a high-level security clearance still managed to fall victim to an attack that lasted for months.

Acronis

Detection and response provide safety from danger

For small businesses, the danger of having an attacker access data for days, weeks or months is very real. It could be happening right now. Yes, it’s scary, but you and your clients aren’t defenseless. Endpoint detection and response (EDR) and extended detection and response (XDR) can keep the monsters out of your critical data.

Acronis Cyber Protect Cloud with Advanced Security + XDR enables MSPs and their clients to monitor their systems so that cyberattackers can’t lurk unnoticed. With XDR, MSPs can offer clients rapid prevention, detection, analysis, response to, and recovery from cyberattacks. XDR can prevent intrusion, and it can also detect and mitigate them before attackers have a chance to do any real damage.

For businesses, Acronis Cyber Protect with EDR continuously monitors, detects and enables response to activity that it doesn’t recognize as normal. It also collects security information from endpoints and system logs to perform anomaly detection and drive informed responses across affected endpoints.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.