At Black Hat USA this week, VMware Carbon Black unveils findings from the fifth installment of the semiannual Global Incident Response Threat Report, entitled: “COVID-19 Continues to Create a Larger Surface Area for Cyberattacks,” based on an online survey in April 2020 of forty-nine incident response (IR) professionals from around the world.
COVID-19 has changed the way we live, work and now how we combat cyberthreats. In an unprecedented year, security professionals face the challenge of securing remote endpoints while cybercriminals look to profit from the global disruption. On the frontline of security for their organisations, IR professionals are grappling with exacerbated cyberthreats ranging from counter IR to island hopping, lateral movement, destructive attacks and more.
“There has been a dramatic surge in cyberattacks,” says Tom Kellermann, Head of Cybersecurity Strategy, VMware Carbon Black. “The FBI reported a 400% increase in cybercrime. This is compounded by the stark reality that cybercriminals are becoming more sophisticated and punitive. Today, malicious actors are setting their sights on commandeering an organisation’s digital transformation efforts to attack its customers. The heist has become a hostage situation and destructive attacks have become commonplace in 2020.”
Below are the key survey findings from IR professionals:
- 53% encountered or observed a surge in cyberattacks exploiting COVID-19, specifically pointing to remote access inefficiencies (52%), VPN vulnerabilities (45%) and staff shortages (36%) as the most daunting endpoint security challenges.
- 33% encountered instances of attempted counter IR, a 10% increase from our previous report. The forms of counter IR used – destruction of logs (50%) and diversion (44%) – signal the increasingly punitive nature of attacks and the rise of more destructive attacks.
- 51% of attacks targeted the financial sector. This was followed by healthcare (35%), professional services (35%) and retail (31%). Attackers continue to be motivated by financial gain, putting the financial sector at targeted risk.
- 33% of attacks showed signs of lateral movement – and as common tools like PowerShell bolster their defenses, this movement is being facilitated increasingly by the misuse of WMI, Google Drive and process hollowing.
- 51% saw attacks from China followed by North America (40%) and Russia (38%).
Next generation cyberattacks call for next generation IR, especially as corporate perimeters across the world become virtual. For a clearer picture on the evolving threat landscape as
well as actionable guidance for the challenging months to come, download the full report here.
VMware Carbon Black at Black Hat | Hear from the Experts
At Black Hat USA, you can find VMware Carbon Black on the virtual stage and at the following sessions:
August 5 | 11-11:40am PST | Live Q&A
Third Party Risk in 2020: How Island-Hopping, Third-Party Applications and Supply Chain Vulnerabilities Are Leading to Data Breaches
Join Rick McElroy, Principle Cybersecurity Strategist at VMware Carbon Black and Keren Elazari, Security Analyst and TED Speaker as they examine how defenders are combatting the adversaries and how threat hunting tactics are helping.
August 5 | On-Demand
Mitigating Cyber Escalation: Modernising Cybersecurity with Intrinsic Security
Join Tom Kellermann, Head Cybersecurity Strategist at VMware Carbon Black and VMware Carbon Black Senior Threat Researcher Greg Foss from VMware Carbon Black as they discuss the most notable attack trends and how shifting to an intrinsic security model can help your team suppress intrusions by transitioning form siloed to unified, reactive to active and bolted-on to built-in.
August 6 | 11-11:40am PST
Cybersecurity’s Constantly Evolving “New Normal”
The quick shift to remote work has generated a unique set of accessibility and security challenges during a time frequently dubbed the “new normal.” As we look to the future, what will “normal” look like? How will attackers continue to evolve? How will CISOs work with IT leaders for better collaboration? And will remote work become a universal standard? Listen to a panel of cybersecurity experts and discuss full implications of COVID-19 and how security will, again, be forced to quickly adapt.
Learn. Connect. Collaborate.
“Offense informs defense, so I am looking forward to learning about access mining forums, process hollowing and new methods of attacking APIs and applications,” says Kellermann about this year’s Black Hat conference. “From a defensive perspective, I am excited to learn about evolutions in cyberthreat hunting, clandestine incident response and the future of XDR.”
For the latest and to connect with the VMware Carbon Black team, registered attendees can stop by our virtual booth.
You can also check out:
- Dark Reading Interview | Video Discussion featuring Andrew Costis, VMware Carbon Black Threat Researcher
- Black Hat Interview | Q&A Block featuring Scott Lundgren, VP and CTO, VMware Carbon Black