At Black Hat USA 2021, VMware, Inc. released its seventh annual Global Incident Response Threat Report, which analyses how attackers are manipulating reality to reshape the modern threat landscape.
The report found a drastic rise in destructive attacks, where adversaries deploy advanced techniques to deliver more targeted, sophisticated attacks that distort digital reality, be it via business communications compromise (BCC) or the manipulation of time.
“Today, we’re seeing a nexus between nation-states and cybercriminals continue to rapidly advance the development of increasingly sophisticated and destructive cyberattacks, combined with the broadening of the attack surface as a result of COVID-19,” says Tom Kellermann, head of cybersecurity strategy, VMware. “The digital and physical worlds have converged, and everything can be manipulated by modern-day attackers. The reality is that first adopters of advanced technologies, such as artificial intelligence and machine learning, are often cybercriminals on the dark web and in nation-states intelligence communities.”
Defenders are struggling to counter these complex attacks and gain visibility into new environments, such as the cloud, containers, and business communication applications. The report found that defenders are also grappling with mental health concerns and heightened job expectations, with 51% experiencing extreme stress or burnout over the past year.
“Burnout is a huge issue with incident response teams, who are handling a spike in engagements in what is still a largely remote environment,” says Rick McElroy, principal cybersecurity strategist at VMware. “It only further underscores the need for leaders to build resilient teams, whether that means considering rotations of work, empowering individuals to take mental health days, or any number of other initiatives aimed at nurturing personal growth and development.”
Additional key findings from the 2021 Global Incident Response Threat Report include:
• The nexus between nation-states and e-crime heightens the threat landscape and exploits vulnerabilities: Among those who have encountered ransomware attacks in the past year, 64% witnessed affiliate programs and/or partnerships between ransomware groups. Defenders are also looking for new ways to fight back: 81% said they are willing to leverage active defence in the next 12 months.
• Advanced techniques are being used to make attacks more destructive and targeted: Respondents indicate that targeted victims now experience destructive/integrity attacks more than 50% of the time. Cybercriminals are achieving this through emerging techniques, like the manipulation of time stamps, or Chronos attacks, which nearly 60% of respondents have observed. Catalysed by the shift to remote work, 32% of respondents also experienced adversaries leveraging business communication platforms to move around a given environment and launch sophisticated attacks.
• With cloud-jacking on the rise, cloud security remains a top priority: Following the rush to cloud technology amid the pandemic, cybercriminals have continued to exploit these environments. Nearly half (43%) of respondents said more than a third of attacks were targeted at cloud workloads, with almost a quarter (22%) saying more than half were. For this reason, 6 in 10 respondents said cloud security tools are their top priority to implement.