Highlights –

  • Despite the unstable threat environment and growing dangers described in the research, incident responders are fighting back, with 87% reporting that they can occasionally (50%) or very frequently (37%) disrupt a cybercriminal’s actions.
  • Ransomware attacks continue to dominate, frequently bolstered by the cooperation of e-crime organizations on the dark web.

VMware released its eighth annual Global Incident Response Threat Report at the Black Hat USA 2022, which digs deeper into the difficulties security teams confront in the face of pandemic interruptions, fatigue, and cyberattacks with geopolitical motivations. According to research findings, 65% of defenders claim that since Russia invaded Ukraine, cyberattacks have escalated. The report also highlights new dangers like deepfakes, API attacks, and cybercriminals that directly target incident responders.

Additional significant conclusions from the report are as follows:

Cyber pro burnout is still a severe problem. Around 47% of incident responders, down from 51% the previous year, reported having burnout or extreme stress last year. Among this category, 69% (up from 65% in 2021) of the respondents said they had considered quitting their job as a result. However, more than two-thirds of respondents reported that their companies had introduced wellness programs that address burnout, indicating that companies are trying to combat this.

Actors using ransomware employ cyber extortion techniques. Ransomware attacks continue to dominate, frequently bolstered by the cooperation of e-crime organizations on the dark web. Two-thirds (66%) of respondents have come across affiliate programs and/or partnerships between ransomware groups, and 57% have experienced such attacks in the past 12 months. Major cyber cartels continue to extort businesses using double extortion strategies, data auctions, and blackmail.

The new endpoint and the next line of attack for attackers are APIs. As workloads and apps multiply, API security is threatened in 23% of attacks. The top types of API attacks are data exposure (encountered by 42% of respondents in the previous year), SQL and API injection attacks (37 % and 34%, respectively), and distributed Denial-of-Service assaults (33%).

The new battleground is lateral movement. In 25% of all attacks, a lateral movement was seen, with cybercriminals using a variety of tools to snoop around in networks, including script hosts (49%), file storage (46%), PowerShell (45%), business communications platforms (41%), and.NET (39%). According to a review of the telemetry in VMware Contexa, a full-fidelity threat intelligence cloud integrated into VMware security solutions, in April and May of 2022 alone, nearly half of intrusions contained a lateral movement event.

Despite the unstable threat environment and growing dangers described in the research, incident responders are fighting back, with 87% reporting that they can occasionally (50%) or very frequently (37%) disrupt a cybercriminal’s actions. They are also employing new methods for the same. Three-quarter (75%) of the respondents said they now use virtual patching as a safety net. In every situation, defenders will be better able to weather the storm if they have greater visibility across the widening attack surface of today.

In June 2022, 125 cybersecurity and incident response professionals worldwide took part in a VMware online survey regarding changes in the incident response landscape.

Experts’ Take

Rick McElroy, the principal cybersecurity strategist at VMware, said. “Cybercriminals are now incorporating deepfakes into their attack methods to evade security controls. Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13% increase from last year, with email as the top delivery method. Cybercriminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal is to use deepfake technology to compromise organizations and gain access to their environment.”

Chad Skipper, the global security technologist at VMware, said, “In order to defend against the broadening attack surface, security teams need an adequate level of visibility across workloads, devices, users, and networks to detect, protect, and respond to cyber threats. When security teams are making decisions based on incomplete and inaccurate data, it inhibits their ability to implement a granular security strategy, while their efforts to detect and stop lateral movement of attacks are stymied due to the limited context of their systems.”