VMware Carbon Black Global Incident Response Threat Report Details Surge in Cyberattacks Amid COVID-19
VMware Carbon Black has unveiled findings from the fifth
instalment of the semi-annual Global Incident Response
Threat Report, entitled: “COVID-19 Continues to Create a
Larger Surface Area for Cyberattacks,” based on an online
survey in April 2020 of forty-nine incident response (IR)
professionals from around the world.
“COVID-19 has changed the way we live, work and now
how we combat cyberthreats. In an unprecedented year,
security professionals face the challenge of securing remote
endpoints while cybercriminals look to profit from the
global disruption,” said Ihab Farhoud, Director, Solutions
Engineering – Middle East, Turkey and North Africa. “On
the frontline of security for their organizations, IR
professionals are grappling with exacerbated cyberthreats
ranging from counter IR to island hopping, lateral
movement, destructive attacks and more.”
Tom Kellermann, Head of Cybersecurity Strategy, VMware
Carbon Black, added: “There has been a dramatic surge in
cyberattacks. The FBI reported a 400% increase in
cybercrime. This is compounded by the stark reality that
cybercriminals are becoming more sophisticated and
punitive. Today, malicious actors are setting their sights on
commandeering an organization’s digital transformation
efforts to attack its customers. The heist has become a
hostage situation and destructive attacks have become
commonplace in 2020.”
Here’s a look at the key survey findings from IR
professionals:
• 53% encountered or observed a surge in cyberattacks
exploiting COVID-19, specifically pointing to remote access
inefficiencies (52%), VPN vulnerabilities (45%) and staff
shortages (36%) as the most daunting endpoint security
challenges.
• 33% encountered instances of attempted counter IR, a
10% increase from our previous report. The forms of
counter IR used – destruction of logs (50%) and diversion
(44%) – signal the increasingly punitive nature of attacks
and the rise of more destructive attacks.
• 51% of attacks targeted the financial sector. This was
followed by healthcare (35%), professional services (35%)
and retail (31%). Attackers continue to be motivated by
financial gain, putting the financial sector at targeted risk.
• 33% of attacks showed signs of lateral movement – and
as common tools like PowerShell bolster their defenses,
this movement is being facilitated increasingly by the
misuse of WMI, Google Drive and process hollowing.
• 51% saw attacks from China followed by North America
(40%) and Russia (38%).
Next generation cyberattacks call for next generation IR,
especially as corporate perimeters across the world become
virtual. For a clearer picture on the evolving threat
landscape as well as actionable guidance for the
challenging months to come, download the
full report