Email is the top delivery method used by cybercriminals deploying geopolitically-motivated attacks to try and move laterally inside networks, a new VMware report finds.
Sixty-five percent of defenders report that cyberattacks have increased since Russia invaded Ukraine, according to VMware’s eighth annual Global Incident Response Threat Report released at Black Hat USA 2022.
In February, for instance, VMware reported seeing a new type of malware (coined HermeticWiper) deployed in one of the largest targeted attacks in history focused solely on the destruction of critical information and resources. “This is part of a growing list of destructive malware deployed against Ukraine, as noted in a joint advisory the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released this spring,’’ the report stated.
Increase of deepfakes in cybercrime
The report delves into what security teams are facing amid pandemic disruptions, burnout, and geopolitically-motivated cyberattacks. It also addresses emerging threats such as deepfakes, attacks on APIs and cybercriminals targeting incident responders themselves.
“Deepfakes in cyberattacks aren’t coming, they’re already here,” said Rick McElroy, principal cybersecurity strategist at VMware, in a statement. “Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13% increase from last year.”
Email was the top delivery method, which McElroy said corresponds with the rise in business email compromise. “Cybercriminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal with using deepfake technology is to evade security controls to compromise organizations and gain access to their environment.”
The study also found that zero-day exploits also show no signs of abatement after record levels last year: 62% of respondents said they experienced such attacks in the past 12 months, up from 51% in 2021. VMware said this surge can be attributed to geopolitical conflict, too.
SEE: Mobile device security policy (TechRepublic Premium)
Challenges for security pros
Additional key findings from the report include:
Cyber pro burnout remains a critical issue
Forty-seven percent of incident responders said they experienced burnout or extreme stress in the past 12 months, down slightly from 51% last year. Of this group, 69% (versus 65% in 2021) of respondents have considered leaving their job as a result. Organizations are working to combat this, however, with more than two-thirds of respondents stating their workplaces have implemented wellness programs to address burnout.
Ransomware actors incorporate cyber extortion strategies
The predominance of ransomware attacks, often buttressed by e-crime groups’ collaborations on the dark web, has yet to let up. Fifty-seven percent of respondents have encountered such attacks in the past 12 months, and two-thirds (66%) have encountered affiliate programs and/or partnerships between ransomware groups as prominent cyber cartels continue to extort organizations through double extortion techniques, data auctions and blackmail.
APIs are the new endpoint, representing the next frontier for attackers
As workloads and applications proliferate, 23% of attacks now compromise API security. The top types of API attacks include data exposure (encountered by 42% of respondents in the past year), SQL and API injection attacks (37% and 34%, respectively), and distributed denial-of-service attacks (33%).
Lateral movement is the new battleground
Lateral movement was seen in 25% of all attacks, with cybercriminals leveraging everything from script hosts (49%) and file storage (46%) to PowerShell (45%), business communications platforms (41%) and .NET (39%) to rummage around inside networks. An analysis of the telemetry within VMware Contexa, discovered that in April and May of 2022 alone, nearly half of intrusions contained a lateral movement event, the company said.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
Fighting back with new techniques
The good news is that despite the turbulent threat landscape and rising threats detailed in the report, incident responders are fighting back, with 87% saying that they are able to disrupt a cybercriminal’s activities sometimes (50%) or very often (37%).
They’re also using new techniques to do so. Three-quarters of respondents (75%) said they are now deploying virtual patching as an emergency mechanism. In every case, the more visibility defenders have across today’s widening attack surface, the better equipped they’ll be to defend organizations, the company said.
The findings come from an online survey VMware conducted about trends in the incident response landscape in June 2022, with 125 cybersecurity and incident response professionals from around the world participating.