VMware Carbon Black Global Incident Response Threat Report Details Surge in Cyberattacks Amid COVID-19

VMware Carbon Black Global Incident Response Threat Report Details Surge in Cyberattacks Amid COVID-19

 

 

VMware Carbon Black has unveiled findings from the fifth

instalment of the semi-annual Global Incident Response

Threat Report, entitled: “COVID-19 Continues to Create a

Larger Surface Area for Cyberattacks,” based on an online

survey in April 2020 of forty-nine incident response (IR)

professionals from around the world.  

 

“COVID-19 has changed the way we live, work and now

how we combat cyberthreats. In an unprecedented year,

security professionals face the challenge of securing remote

endpoints while cybercriminals look to profit from the

global disruption,” said Ihab Farhoud, Director, Solutions

Engineering – Middle East, Turkey and North Africa. “On

the frontline of security for their organizations, IR

professionals are grappling with exacerbated cyberthreats

ranging from counter IR to island hopping, lateral

movement, destructive attacks and more.”

Tom Kellermann, Head of Cybersecurity Strategy, VMware

Carbon Black, added: “There has been a dramatic surge in

cyberattacks. The FBI reported a 400% increase in

cybercrime. This is compounded by the stark reality that

cybercriminals are becoming more sophisticated and

punitive. Today, malicious actors are setting their sights on

commandeering an organization’s digital transformation

efforts to attack its customers. The heist has become a

hostage situation and destructive attacks have become

commonplace in 2020.”

 Here’s a look at the key survey findings from IR

professionals:

 • 53% encountered or observed a surge in cyberattacks

exploiting COVID-19, specifically pointing to remote access

inefficiencies (52%), VPN vulnerabilities (45%) and staff

shortages (36%) as the most daunting endpoint security

challenges.  

• 33% encountered instances of attempted counter IR, a

10% increase from our previous report. The forms of

counter IR used – destruction of logs (50%) and diversion

(44%) – signal the increasingly punitive nature of attacks

and the rise of more destructive attacks.

• 51% of attacks targeted the financial sector. This was

followed by healthcare (35%), professional services (35%)

and retail (31%). Attackers continue to be motivated by

financial gain, putting the financial sector at targeted risk. 

• 33% of attacks showed signs of lateral movement – and

as common tools like PowerShell bolster their defenses,

this movement is being facilitated increasingly by the

misuse of WMI, Google Drive and process hollowing.

 

• 51% saw attacks from China followed by North America

(40%) and Russia (38%).

Next generation cyberattacks call for next generation IR,

especially as corporate perimeters across the world become

virtual. For a clearer picture on the evolving threat

landscape as well as actionable guidance for the

challenging months to come, download the 

full report