Cybercriminals Manipulate Reality via Integrity and Destructive Attacks, VMware Report Finds
At Black Hat USA 2021, VMware released its seventh annual Global Incident Response Threat Report, highlighting a significant rise in destructive cyberattacks facilitated by advanced techniques. Key findings revealed that 64% of respondents noted partnerships between ransomware groups, while 51% of defenders reported extreme stress and burnout. The report also emphasized the importance of cloud security, with 43% of attacks targeting cloud workloads. The ongoing nexus between cybercriminals and nation-states further complicates the threat landscape, demanding immediate action for effective defense strategies.
- 64% of respondents noted partnerships between ransomware groups, indicating heightened collaboration among cybercriminals.
- 81% of defenders are open to utilizing active defense strategies in the next 12 months, signaling a proactive approach to security.
- 43% of respondents reported that over a third of attacks were aimed at cloud workloads, underlining the need for cloud security tools.
- 51% of cybersecurity professionals experience extreme stress or burnout, which could hinder effective incident response.
- Destructive/integrity attacks are now experienced more than 50% of the time by targeted victims, indicating increasing attack sophistication.
- The rise of 'Chronos attacks,' noted by nearly 60% of respondents, shows the evolution of threat techniques employed by cybercriminals.
At Black Hat USA 2021, VMware, Inc. (NYSE: VMW) released its seventh annual Global Incident Response Threat Report, which analyzes how attackers are manipulating reality to reshape the modern threat landscape. The report found a drastic rise in destructive attacks, where adversaries deploy advanced techniques to deliver more targeted, sophisticated attacks that distort digital reality, be it via business communications compromise (BCC) or the manipulation of time.
(Graphic: Business Wire)
“Today, we’re seeing a nexus between nation-states and cybercriminals continue to rapidly advance the development of increasingly sophisticated and destructive cyberattacks, combined with the broadening of the attack surface as a result of COVID-19,” says Tom Kellermann, head of cybersecurity strategy, VMware. “The digital and physical worlds have converged, and everything can be manipulated by modern-day attackers. The reality is that first adopters of advanced technologies, such as artificial intelligence and machine learning, are often cybercriminals on the dark web and in nation-states intelligence communities.”
Defenders are struggling to counter these complex attacks and gain visibility into new environments, such as the cloud, containers, and business communication applications. The report found that defenders are also grappling with mental health concerns and heightened job expectations, with
“Burnout is a huge issue with incident response teams, who are handling a spike in engagements in what is still a largely remote environment,” says Rick McElroy, principal cybersecurity strategist at VMware. “It only further underscores the need for leaders to build resilient teams, whether that means considering rotations of work, empowering individuals to take mental health days, or any number of other initiatives aimed at nurturing personal growth and development.”
Additional key findings from the 2021 Global Incident Response Threat Report include:
-
The nexus between nation-states and e-crime heightens the threat landscape and exploit vulnerabilities: Among those who have encountered ransomware attacks in the past year,
64% witnessed affiliate programs and/or partnerships between ransomware groups. Defenders are also looking for new ways to fight back:81% said they are willing to leverage active defense in the next 12 months. -
Advanced techniques are being used to make attacks more destructive and targeted: Respondents indicate that targeted victims now experience destructive/integrity attacks more than
50% of the time. Cybercriminals are achieving this through emerging techniques, like the manipulation of time stamps, or Chronos attacks, which nearly60% of respondents have observed. Catalyzed by the shift to remote work,32% of respondents also experienced adversaries leveraging business communication platforms to move around a given environment and launch sophisticated attacks. -
With cloud-jacking on the rise, cloud security remains a top priority: Following the rush to cloud technology amid the pandemic, cybercriminals have continued to exploit these environments. Nearly half (
43% ) of respondents said more than a third of attacks were targeted at cloud workloads, with almost a quarter (22% ) saying more than half were. For this reason, 6 in 10 respondents said cloud security tools are their top priority to implement.
For more information on the evolving threat landscape as well as actionable guidance and recommendations for incident responders and security teams, download the full report here.
Methodology
VMware conducted an online survey about trends in the incident response landscape in May and June 2021, with 123 cybersecurity and incident response professionals from around the world participating in the study. Percentages in certain questions exceed
VMware at Black Hat USA 2021
VMware will discuss the findings from this report and other key security topics in the virtual sessions listed below. Visit our virtual Black Hat USA 2021 booth, and follow along with us on social @VMwareNews and in the VMware Newsroom.
Exposing Vulnerabilities in Kubernetes
Wednesday, August 4 at 8:00 am PT
Daniel Shapira, senior staff researcher
Enemy Inside the Gates: 2020 Threat Landscape Key Findings
Wednesday, August 4 at 10:50 AM PT
Chad Skipper, global security technologist
Giovanni Vigna, senior director of threat intelligence
Disrupting Ransomware and Dismantling the Cybercrime Ecosystem
Wednesday, August 4 at 1:10 pm PT
Tom Kellermann, head of cybersecurity strategy
Rick McElroy, principal cybersecurity strategist
Symbexcel: Bringing the Power of Symbolic Execution to the Fight Against Malicious Excel 4 Macros
Wednesday, August 4 at 1:30 pm PT
Giovanni Vigna, senior director of threat intelligence
Stafano Ortolani, threat researcher
Security Hygiene for DevOps
Thursday, August 5 at 10:50 am PT
Ram Akuka, product manager, Security Business Unit
David Zendzian, global field CISO, VMware Tanzu
Exposing Vulnerabilities in Kubernetes
On-demand
Daniel Shapira, senior staff researcher
About VMware
VMware software powers the world’s complex digital infrastructure. The company’s cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough technology innovations to its global impact. For more information, please visit https://www.vmware.com/company.html
View source version on businesswire.com: https://www.businesswire.com/news/home/20210802005148/en/
FAQ
What is the Global Incident Response Threat Report from VMW?
What were the key findings in VMW's 2021 Threat Report?
How does VMW's report assess the current threat landscape?
What percentage of cybersecurity professionals reported stress in VMW's report?
What proactive measures are defenders considering according to VMW's report?
