At Black Hat USA this week, VMware Carbon Black unveils findings from the fifth installment of the semiannual Global Incident Response Threat Report, entitled: “COVID-19 Continues to Create a Larger Surface Area for Cyberattacks,” based on an online survey in April 2020 of forty-nine incident response (IR) professionals from around the world.
COVID-19 and Cyberthreats
COVID-19 has changed the way we live and work, and now how we combat cyberthreats. In an unprecedented year, security professionals face the challenge of securing remote endpoints while cybercriminals look to profit from the global disruption. On the frontline of security for their organisations, IR professionals are grappling with exacerbated cyberthreats ranging from counter IR to island hopping, lateral movement, destructive attacks and more.
“There has been a dramatic surge in cyberattacks,” says Tom Kellermann, Head of Cybersecurity Strategy, VMware Carbon Black. “The FBI reported a 400% increase in cybercrime. This is compounded by the stark reality that cybercriminals are becoming more sophisticated and punitive. Today, malicious actors are setting their sights on commandeering an organisation’s digital transformation efforts to attack its customers. The heist has become a hostage situation and destructive attacks have become commonplace in 2020.”
Below are the key survey findings from IR professionals:
- 53% encountered or observed a surge in cyberattacks exploiting COVID-19, specifically pointing to remote access inefficiencies (52%), VPN vulnerabilities (45%) and staff shortages (36%) as the most daunting endpoint security challenges.
- 33% encountered instances of attempted counter IR, a 10% increase from our previous report. The forms of counter IR used – destruction of logs (50%) and diversion (44%) – signal the increasingly punitive nature of attacks and the rise of more destructive attacks.
- 51% of attacks targeted the financial sector. This was followed by healthcare (35%), professional services (35%) and retail (31%). Attackers continue to be motivated by financial gain, putting the financial sector at targeted risk.
- 33% of attacks showed signs of lateral movement – and as common tools like PowerShell bolster their defenses, this movement is being facilitated increasingly by the misuse of WMI, Google Drive and process hollowing.
- 51% saw attacks from China followed by North America (40%) and Russia (38%).
Next generation cyberattacks call for next generation IR, especially as corporate perimeters across the world become virtual.
For a clearer picture on the evolving threat landscape as well as actionable guidance for the challenging months to come, download the full report here.