Security teams are facing down more cyberattacks following Russia’s invasion of Ukraine, and sophisticated crooks are using double-extortion techniques and, increasingly, deepfakes in their strikes.
This is according to VMware, which published its Global Incident Response Threat Report for 2022 this week.
VMware found a quarter of all ransomware attacks included double-extortion techniques, with top methods including blackmail (63 percent), data auction (60 percent) and name and shame (37 percent). The use of deepfakes also shot up this year, rising 13 percent to 66 percent of respondents reporting that a deepfake had featured in an attack. The majority were video, and the top delivery method was email, at 78 percent.
All told, the team surveyed 125 cybersecurity and incident response pros and found, unsurprisingly, things are tough at the malware coalface.
Geopolitical issues are causing consternation. 65 percent of respondents noted that cyberattacks had increased since Russia invaded Ukraine, and 62 percent said they had been on the receiving end of zero-day exploits (up from 51 percent in 2021).
“Zero-days are expensive to make and once they’re used, they’re not as useful again,” said Rick McElroy, principal cybersecurity strategist at VMware. “Nation-states are therefore prime drivers behind the zero-day market, particularly during saber-rattling moments like this.”
Intriguingly, lateral movement was very much a feature of this year’s report: it is how miscreants move around networks, dodge security teams and leverage other platforms and attack methods.
VMware cybersecurity strategist Karen Worstell noted, “Lateral movement has always been with us,” but went on to note that as hypervisors run more and more workloads, traffic did not move through the network as it once did. “This means that unless system and organization controls are equipped to see the lateral movement between workloads and containers on the hypervisor, security teams are sailing blind in the storm.”
Lateral movement is very much the new battleground as far as VMware’s findings are concerned. It cropped up in a quarter of attacks. “Dual-use tools – system tools and legitimate software that can be abused by attackers – leveraged for this purpose went up across the board,” said VMware. 49 percent of those attacks used script hosts, while 46 percent went with file storage and synchronization tools (VMware cited Google Drive and OneDrive as examples).
“This latter finding signals a troubling lack of visibility into cloud storage platforms,” the virtualization outfit noted.
And ransomware? 60 percent of respondents had experienced an attack in the past 12 months.
Still, it wasn’t all doom and gloom. Security teams are apparently getting better at fighting the tide of incursions, with 75 percent of organizations employing virtual patching as an emergency mechanism and 90 percent of respondents reckoning they were up to disrupting the activities of a miscreant.
Burnout, however, remained an issue for surveyed infosec pros. While VMware found that organizations had taken steps to address the problem, 47 percent of respondents reported burnout or extreme stress in the last 12 months. This was down on 2021’s 51 percent, but still not great (and 69 percent of individuals experiencing symptoms had considered quitting as a result).
More flexible hours, further education and therapy were highlighted as the most helpful methods deployed to deal with the issue.
The waters remain choppy. Ransomware has become cyber extortion, new variants of existing malware keep cropping up and new endpoints (such as APIs and containers) are proving an enticing target.
Still, as VMware noted, “defenders have proven that if they continually learn and adapt to new conditions, they can successfully weather the storm.” ®