VMware Report Warns of Deepfake Attacks and Cyber Extortion

Rhea-AI Summary

VMware released its Global Incident Response Threat Report at Black Hat USA 2022, highlighting the impact of the ongoing conflict in Ukraine on cyberattacks, with 65% of security teams noting an increase.

The report reveals a rise in deepfakes as a cyber threat, with 67% of respondents experiencing attacks utilizing this method. Notable statistics include 47% of responders reporting burnout, 57% facing ransomware attacks, and 23% of attacks compromising API security. The findings emphasize the necessity for improved visibility and proactive defense strategies.

Positive

• 87% of incident responders reported successfully disrupting cybercriminal activities.
• 75% of respondents are now using virtual patching as an emergency measure.

Negative

• 47% of incident responders have experienced burnout or extreme stress.
• 57% of respondents encountered ransomware attacks in the past 12 months.

Burned out security teams fight back against geopolitically motivated attacks and lateral movement inside networks

PALO ALTO, Calif.--(BUSINESS WIRE)-- At Black Hat USA 2022, VMware, Inc. (NYSE: VMW) released its eighth annual Global Incident Response Threat Report, which takes a deep dive into the challenges faced by security teams amid pandemic disruptions, burnout, and geopolitically motivated cyberattacks. Sixty-five percent of defenders state that cyberattacks have increased since Russia invaded Ukraine, according to report findings. The report also shines a light on emerging threats such as deepfakes, attacks on APIs, and cybercriminals targeting incident responders themselves.

“Cybercriminals are now incorporating deepfakes into their attack methods to evade security controls,” said Rick McElroy, principal cybersecurity strategist at VMware. “Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13% increase from last year, with email as the top delivery method. Cybercriminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal is to use deepfake technology to compromise organizations and gain access to their environment.”

Additional key findings from the report include:

• Cyber pro burnout remains a critical issue. Forty-seven percent of incident responders said they experienced burnout or extreme stress in the past 12 months, down slightly from 51% last year. Of this group, 69% (versus 65% in 2021) of respondents have considered leaving their job as a result. Organizations are working to combat this, however, with more than two-thirds of respondents stating their workplaces have implemented wellness programs to address burnout.
• Ransomware actors incorporate cyber extortion strategies. The predominance of ransomware attacks, often buttressed by e-crime groups’ collaborations on the dark web, has yet to let up. Fifty-seven percent of respondents have encountered such attacks in the past 12 months, and two-thirds (66%) have encountered affiliate programs and/or partnerships between ransomware groups as prominent cyber cartels continue to extort organizations through double extortion techniques, data auctions, and blackmail.
• APIs are the new endpoint, representing the next frontier for attackers. As workloads and applications proliferate, 23% of attacks now compromise API security. The top types of API attacks include data exposure (encountered by 42% of respondents in the past year), SQL and API injection attacks (37% and 34%, respectively), and distributed Denial-of-Service attacks (33%).
• Lateral movement is the new battleground. Lateral movement was seen in 25% of all attacks, with cybercriminals leveraging everything from script hosts (49%) and file storage (46%) to PowerShell (45%), business communications platforms (41%), and .NET (39%) to rummage around inside networks. An analysis of the telemetry within VMware Contexa, a full-fidelity threat intelligence cloud that’s built into VMware security products, discovered that in April and May of 2022 alone, nearly half of intrusions contained a lateral movement event.

“In order to defend against the broadening attack surface, security teams need an adequate level of visibility across workloads, devices, users and networks to detect, protect, and respond to cyber threats,” said Chad Skipper, global security technologist at VMware. “When security teams are making decisions based on incomplete and inaccurate data, it inhibits their ability to implement a granular security strategy, while their efforts to detect and stop lateral movement of attacks are stymied due to the limited context of their systems.”

Despite the turbulent threat landscape and rising threats detailed in the report, incident responders are fighting back with 87% saying that they are able to disrupt a cybercriminal’s activities sometimes (50%) or very often (37%). They’re also using new techniques to do so. Three-quarters of respondents (75%) say they are now deploying virtual patching as an emergency mechanism. In every case, the more visibility defenders have across today’s widening attack surface, the better equipped they’ll be to weather the storm.

For more information on the evolving threat landscape as well as actionable guidance and recommendations for incident responders and security teams, download the full report here.

Methodology

VMware conducted an online survey about trends in the incident response landscape in June 2022, and 125 cybersecurity and incident response professionals from around the world participated. Percentages in certain questions exceed 100 percent because respondents were asked to check all that apply. Due to rounding, percentages in all questions may not add up to 100 percent. To read last year’s report, please visit Global Incident Response Threat Report: Manipulating Reality.

VMware at Black Hat USA 2022

VMware will discuss the findings from this report and other key security topics in the sessions listed below. Visit us at our Black Hat booth #1620, and follow along with us on social @VMwareNews and in the VMware Newsroom

Why Workloads Are More Secure on VMware Clouds
Wednesday, August 10 at 1:50 pm PT
Chad Skipper, Global Security Technologist
Stefano Ortolani, Threat Research Lead

Exposing Malware in a Linux-based Multi-Cloud Environment
On-demand
Dale McKay, Senior Technical Marketing Architect

Black Hat Interview with Tom Gillis

Black Hat Article by Giovanni Vigna and Stefano Ortolani

VMware Explore

In addition to VMware’s presence at Black Hat USA 2022, there will be more than 100 security talks at VMware Explore, the global multi-cloud industry event taking place August 29 – September 1, 2022 at Moscone Center in San Francisco. Register today to begin building your agenda.

About VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda. For more information, please visit www.vmware.com/company.

VMware and VMware Contexa are registered trademarks or trademarks of VMware, Inc. in the United States and other jurisdictions. This article may contain hyperlinks to non-VMware websites that are created and maintained by third parties who are solely responsible for the content on such websites.

View source version on businesswire.com: https://www.businesswire.com/news/home/20220808005186/en/

Kerry Tuttle

VMware Global Communications

ktuttle@vmware.com

(470) 247-1987

Jessica Bettencourt

Inkhouse

jbettencourt@inkhouse.com

(774) 451-5142

Source: VMware, Inc.

FAQ

What were the key findings of VMware's Global Incident Response Threat Report 2022?

VMware's report highlighted increased cyberattacks since the Ukraine invasion, including a rise in deepfakes and a prevalence of ransomware. 87% of responders manage to disrupt cybercriminals.

How has the conflict in Ukraine affected cybersecurity according to VMware?

According to VMware, 65% of security teams reported an increase in cyberattacks following Russia's invasion of Ukraine.

What percentage of cybersecurity professionals reported burnout in VMware's report?

In VMware's report, 47% of incident responders reported experiencing burnout or extreme stress.

Which security threats increased according to VMware's 2022 report?

VMware's report indicated an increase in threats such as deepfakes, ransomware attacks, and API security breaches.

How does VMware suggest improving cybersecurity defenses?

VMware emphasizes the need for enhanced visibility across workloads, devices, and networks to effectively detect and respond to cyber threats.