VMware Carbon Black has unveiled findings from the fifth instalment of its semi-annual Global Incident Response Threat Report, entitled “COVID-19 Continues to Create a Larger Surface Area for Cyberattacks.” The report is based on an online survey, conducted in April 2020, of forty-nine incident response (IR) professionals from around the world.
“COVID-19 has changed the way we live, work and now how we combat cyberthreats. In an unprecedented year, security professionals face the challenge of securing remote endpoints while cybercriminals look to profit from the global disruption,” said Ihab Farhoud, Director, Solutions Engineering – Middle East, Turkey and North Africa. “On the frontline of security for their organizations, IR professionals are grappling with exacerbated cyberthreats ranging from counter IR to island hopping, lateral movement, destructive attacks and more.”
Tom Kellermann, Head of Cybersecurity Strategy, VMware Carbon Black, added: “There has been a dramatic surge in cyberattacks. The FBI reported a 400% increase in cybercrime. This is compounded by the stark reality that cybercriminals are becoming more sophisticated and punitive. Today, malicious actors are setting their sights on commandeering an organization’s digital transformation efforts to attack its customers. The heist has become a hostage situation and destructive attacks have become commonplace in 2020.”
Here’s a look at the key survey findings from IR professionals:
• 53% encountered or observed a surge in cyberattacks exploiting COVID-19, specifically pointing to remote access inefficiencies (52%), VPN vulnerabilities (45%) and staff shortages (36%) as the most daunting endpoint security challenges.
• 33% encountered instances of attempted counter IR, a 10% increase from our previous report. The forms of counter IR used – destruction of logs (50%) and diversion (44%) – signal the increasingly punitive nature of attacks and the rise of more destructive attacks.
• 51% of attacks targeted the financial sector. This was followed by healthcare (35%), professional services (35%) and retail (31%). Attackers continue to be motivated by financial gain, putting the financial sector at particular risk of being targeted.
• 33% of attacks showed signs of lateral movement – and as common tools like PowerShell bolster their defenses, this movement is being facilitated increasingly by the misuse of WMI, Google Drive and process hollowing.
• 51% saw attacks from China, followed by North America (40%) and Russia (38%).