Cyber Weapons Report

2016 Cyber Weapons Report

Network Traffic Analysis Reveals Tools Attackers Use

What tools do attackers use? The 2016 Cyber Weapons Report seeks to address this question by analyzing attack behaviors in real-world environments. This report focuses on the anomalous activity that occur after the initial intrusion, including command and control, reconnaissance, lateral movement and data exfiltration. That activity is then traced back automatically to the originating process, using a technology called Network to Process Association. This results in a first-of-its-kind quantitative view of attack tools.

Attackers leverage a variety of tools and techniques to expand their footprint. The 2016 Cyber Weapons Report focuses on the vast set of native operating system services, admin software, and reconnaissance tools attackers use while learning and spreading within compromised organizations. By using these tools, attackers can remain undetected for months. It is time for the industry to understand the scope of tools in play, and explore mechanisms to detect anomalous attack activity.

Download the report to learn about:

  • The top ten networking and hacking tools, admin tools, remote desktop tools and malware associated with attacks
  • Which types of attacks are the most common in real-world network
  • How legitimate software, in the hands of external attackers and malicious insiders, can become weapons to carry out costly attacks.