Saturday, December 21, 2019

New VMware Global threat report identifies lateral movement, island hopping as key cyberattack tactics

VMware Carbon Black releases its semiannual Global Incident Response Threat Report (GIRTR), and it reveals that attackers are continuing to evolve.


VMware Carbon Black has a vast incident response (IR) partner ecosystem, comprising more than 100 leading IR firms. These partners use Carbon Black technology in more than 1,000 response engagements per year. Aggregated data from these top IR firms shows that cooperation among attackers is increasing. That makes it more important than ever for the good guys to fight back.



“Because geopolitical tension is playing out in cyberspace, targets must boost defenses,” says Tom Kellermann, VMware Carbon Black head cybersecurity strategist. “Beyond politics, financial motivation is a top driver. That means organizations with decentralized systems protecting high-value assets, including money, intellectual property, and state secrets, continue to be at high risk.”  


The GIRTR includes eight key research highlights. Three show significant increases since the last report. First, financial gain was the primary motivation for 90 percent of attacks, a sharp increase from 61 percent in the first half of 2019. It's also a shift from previous years, when intellectual property theft and stealing customer information topped the list. Second, “island hopping” continues to rise: 41 percent of total attacks came from this advanced method, in which attackers target enterprises via partners and vendors. Third, IR pros said they experienced destructive/integrity attacks in about 41 percent of attacks, a 10 percent increase compared to the past two quarters.


The majority of cyberattacks now include tactics like lateral movement, island hopping and destructive attacks, according to the November report. Advanced hacking capabilities and services for sale on the dark web compound the issue, as does an unprecedented collaboration among nation-states, according to the report.


This most recent GIRTR also highlights the rise in custom malware, which the report defines as “coded with a specific purpose in mind, a sign of more sophisticated and well-financed attacks, as opposed to commodity malware, which is widely available for purchase or for free on the dark web.” 


Custom malware was used in 41 percent of attacks, up from 33 percent in the first quarter of this year, according to the report.


“This increase should also worry enterprises because of the pass-along effect. These attackers are like Johnny Appleseed,” says Kellermann.


Kellermann explains why: people who build custom attack code sell it on the dark web; buyers use that purchased code to attack a company; and once that happens, the custom code builder can teleport into the attacked company’s environment because he or she has administrative access to that attack code.


As communities of attackers come together, so, too, must defenders. And that’s exactly what VMware Carbon Black and top IR professionals are doing. They’re “fighting back as a global community with actionable intelligence and holistic strategies to mitigate the ongoing cyber insurgency online.”
