Imagine discovering that your organization’s sensitive data has been stolen and posted on the dark web. This unsettling scenario became a reality for Western Sydney University (WSU) in early 2025, when unauthorized access led to the exposure of personal information from approximately 10,000 students. The breach involved demographic, enrollment, and academic progression details, all accessed through the university’s single sign-on system. This incident underscores a growing trend in cyber threats: the rise of hands-on-keyboard attacks.
Understanding Hands-On-Keyboard Attacks
Hands-on-keyboard attacks refer to cyber intrusions where adversaries manually interact with compromised systems in real-time. Unlike automated malware attacks, these involve human operators navigating through networks, exploiting vulnerabilities, and executing commands directly. This method allows attackers to adapt their strategies on the fly, making them particularly dangerous and difficult to detect.
The Growing Prevalence of Manual Intrusions
According to CrowdStrike’s 2025 Global Threat Report, hands-on-keyboard attacks are on the rise. The report shows that 79% of detections in 2024 were malware-free, indicating a shift towards more manual and interactive attack methods. Attackers are increasingly exploiting valid credentials and legitimate tools to operate within compromised systems. Additionally, there was a 442% increase in voice phishing, highlighting the growing trend of using real-time tactics to evade traditional defenses.
Real-World Incidents Highlighting the Threat
The WSU data breach is not an isolated case. In the UK, more than a third of schools experienced severe cyber attacks over the past academic year, many linked to ransomware gangs employing manual hacking techniques. These attacks disrupted learning and compromised sensitive information, with ransom demands averaging ÂŁ5.1 million and recovery costs nearing ÂŁ3 million.Â
Furthermore, the UK’s National Cyber Security Centre (NCSC) reported a significant increase in severe cyber attacks, affecting key organizations such as London hospitals and the British Library. The NCSC emphasized the need for enhanced efforts to keep pace with rapidly advancing cyber threats, particularly those from state-led entities and sophisticated criminal organizations.Â
Why Hands-On-Keyboard Attacks Are Particularly Dangerous
Several factors contribute to the heightened risk posed by hands-on-keyboard attacks:
- Evasion of Traditional Defenses: Since these attacks often do not involve malware, they can bypass signature-based detection systems.
- Use of Legitimate Tools: Attackers frequently exploit legitimate administrative tools, making their activities blend in with normal operations and harder to detect.
- Rapid Lateral Movement: Skilled operators can quickly navigate through networks, escalating privileges and accessing critical systems before defenses can respond.
The Role of Fileless Malware in Manual Attacks
Fileless malware is often employed in hands-on-keyboard attacks. Unlike traditional malware, fileless variants reside in a system’s memory, leaving little to no footprint on the hard drive. This makes them challenging to detect using conventional antivirus solutions. The RSA Conference highlighted that defending against fileless malware requires advanced strategies beyond traditional detection methods.
Strategies for Defending Against Hands-On-Keyboard Attacks
To mitigate the risks associated with these sophisticated attacks, organizations should consider the following measures:
- Implement Behavioral Analytics: Utilize security solutions that monitor for anomalous behavior indicative of manual intrusion, such as unusual login times or unexpected access patterns.
- Enhance Endpoint Detection and Response (EDR): Deploy EDR solutions capable of identifying and responding to suspicious activities in real-time, even those that do not involve traditional malware.
- Regularly Update and Patch Systems: Ensure all systems are up-to-date with the latest security patches to close known vulnerabilities that attackers might exploit.
- Conduct Regular Security Training: Educate employees about the latest phishing tactics and social engineering methods to reduce the risk of credential theft.
- Limit Administrative Privileges: Apply the principle of least privilege to restrict user access rights, minimizing the potential impact of compromised accounts.
Monitor Network Traffic: Implement continuous network monitoring to detect unusual data flows that may indicate lateral movement or data exfiltration.
The Importance of Proactive Threat Hunting
Given the stealthy nature of hands-on-keyboard attacks, proactive threat hunting becomes essential. Organizations should not solely rely on automated defenses but also engage skilled security professionals to actively search for indicators of compromise within their networks. CrowdStrike’s 2024 Threat Hunting Report emphasizes the need for such proactive measures to outpace today’s sophisticated adversaries.Â
The rise of hands-on-keyboard attacks represents a significant shift in the cyber threat landscape. These manual, interactive intrusions are challenging traditional security measures and necessitate a more dynamic and proactive defense strategy. By understanding the nature of these attacks and implementing comprehensive security practices, organizations can better protect themselves against this evolving threat.
