VMware Carbon Black’s semiannual Global Incident Response Threat Report (GIRTR) is out. And it appears attackers continue to evolve.
VMware Carbon Black has a vast incident response (IR) partner ecosystem, comprising more than 100 leading IR firms. These partners use Carbon Black technology in more than 1,000 response engagements per year.
Aggregated data from these top IR firms shows that cooperation among attackers is increasing. That makes it more important than ever for the good guys to fight back.
“Because geopolitical tension is playing out in cyberspace, targets must boost defenses,” says Tom Kellermann, VMware Carbon Black head cybersecurity strategist. “Beyond politics, financial motivation is a top driver. That means organizations with decentralized systems protecting high-value assets, including money, intellectual property, and state secrets, continue to be at high risk.”
Three Research Highlights
The GIRTR includes eight key research highlights. Three demonstrate significant increases since the last report:
- Financial gain was the primary motivation for 90 percent of attacks. This is a sharp increase from 61 percent in the first half of 2019. It’s also a shift from previous years, when intellectual property theft and stealing customer information topped the list.
- “Island hopping” continues to rise. Forty-one percent of total attacks came from this advanced method, where attackers target enterprises via partners and vendors.
- IR pros said they experienced destructive/integrity attacks in about 41 percent of attacks, a 10 percent increase on the past two quarters.
The majority of today’s cyberattacks now include tactics like lateral movement, island hopping and destructive attacks, according to the November 2019 report. Advanced hacking capabilities and services for sale on the dark web compound the issue, as does an unprecedented collaboration among nation-states, according to the report.
What’s Island Hopping?
Like lateral movement, island hopping is a significantly intrusive cyberattack.
Island hopping allows cybercriminals to creep into systems at their most vulnerable points. They then hop to higher security sections of the network, the threat report explains.
Kellermann is anxious for enterprises to take note. “The most dangerous part about island hopping is how it’s being used,” he says.
In island hopping, criminals use enterprise infrastructure to attack that enterprise’s constituency. In plain terms, your IT systems begin attacking your customers’ IT systems, and your customers see the attacks as coming from your business.
“We need to change the conversation, because this goes way deeper than preventing data theft,” Kellermann adds. “Brand value and customer loyalty is at stake.”