Virtualization Technology News and Information
VMblog Expert Interview: VMware Talks Seventh Annual Global IR Threat Report


VMware recently released their seventh annual Global Incident Response Threat Report which analyzes how attackers are manipulating reality to reshape the modern threat landscape.

The report found a drastic rise in destructive attacks, where adversaries deploy advanced techniques to deliver more targeted, sophisticated attacks that distort digital reality.

To learn more, VMblog spoke with Tom Kellermann, Head of Cybersecurity Strategy at VMware.

VMblog:  This is the seventh annual Global IR Threat Report from VMware. What were some of the most surprising findings that varied from years past?

Tom Kellermann:  With remote work becoming the new way of life due to COVID-19, organizations around the world were pushed to quickly adopt telework and cloud technology. As a result, cybercriminals exploited these environments, delivering an increased amount of destructive attacks. Within this year's Global IR Threat Report, 43% of respondents said more than one-third of attacks were targeted at cloud workloads. Increasingly, attackers are using the cloud to island-hop along the victim's supply chain. The report revealed 49% of all attacks witnessed by respondents targeted them via island hopping. If 2020 was the year of island hopping, we should expect 2021 to be the year cloud-jacking through public clouds goes mainstream due to the mass migrations to public clouds to support distributed workforces.

VMblog:  This survey found that victims now experience integrity and destructive attacks more than 50% of the time.  What does that tell us about the threat landscape today?

Kellermann:  A broadened attack surface, weaponization of new technologies, and the industrialization of e-crime continue to reshape the modern threat landscape. We are now living in a world where the goal of modern attackers is no longer just to steal money from potential victims but to distort their digital reality and commandeer their digital transformation. This is being done through a number of emerging threat techniques such as time-stamp manipulation and business communication compromise. Our report found that nearly 60% of respondents observed adversaries manipulating timestamps in order to disrupt incident response. This Chronos attack will evolve to inevitably disrupt business operations. Similarly, as business communication platforms like Microsoft Teams or Slack rose to prominence during COVID-19, attackers leveraged these platforms to facilitate lateral movement. The threat landscape has become more punitive. 

VMblog:  Given the threat landscape, what should be top of mind for CISOs and security leaders looking to take security to the next level?

Kellermann:  In the face of this new threat landscape, the defensive mindset must start at the top. 2021 has been the year of the CISO, as we are beginning to see organizations prioritize cybersecurity. But if your CISO is still reporting to your CIO and not your CEO, your organization isn't taking security seriously. It should come as no surprise that defenders, despite their best efforts, are struggling to counter these complex attacks and gain visibility into new environments such as the cloud, containers, and business communication applications. Implementing cyber vigilance within an organization will be key for CISOs to protect their environments properly.

Security must expand across all workloads, containers, and Kubernetes environments. Applying micro-segmentation slows down the adversary's ability to move laterally within the organization, which is known to cause extensive damage. Lastly, CISOs and security leaders must activate an internal threat hunting program that is deployed on a weekly basis. If implemented across all employee devices, this program can detect behavioral abnormalities, as adversaries can remain in an organization's system for an unknown amount of time.

VMblog:  If 2021 has been the year of mainstream public cloud-jacking, where do you see the threat landscape in 2022 and beyond?

Kellermann:  Looking to 2022 and beyond, I believe adversaries will continue to expose new platforms' vulnerabilities, weaponize new technologies such as malicious deep fakes, and deploy advanced techniques to deliver integrity attacks that are more targeted and destructive than ever before. I also believe that in the near future, we'll see a SolarWinds-style attack that will deliver destructive payloads from a major public cloud environment, most likely driven by geopolitical tensions. But if security teams remain vigilant and continue to adapt their defenses, then defenders have a fighting chance against tomorrow's threats.

VMblog:  Are there any specific industries that you feel will be more severely impacted by the rise in cybercrime compared to others?

Kellermann:  As geopolitical tensions intensify, destructive attacks against ICS environments in the manufacturing, transportation, and energy sectors could escalate, as seen in the Colonial Pipeline attack. In turn, new, destructive malware specific to ICS infrastructure will become a hot commodity on the dark web. A recent report from the Foundation for Defense of Democracies (FDD) suggests that the cost of a major cyberattack on a critical U.S. service provider or utility could cost over $80 billion. This is as much, if not more, than a natural disaster such as a hurricane. In 2020 and early 2021, we unfortunately saw a large number of attacks on industries that were hit hard by the pandemic such as hospital systems, school systems and local government agencies. This could continue as the Delta variant accounts for most of the recent cases in the US, driving up hospitalizations as well as threatening the chance of school districts reopening for in-person learning in the fall.

VMblog:  This report sounds extremely useful.  Where can readers go to get their hands on the final results to learn more?

Kellermann:  To learn more from our Global IR Threat Report, readers can download the report, as well as read about it in our recent blog post. Readers should also feel free to follow VMware (@vmw_carbonblack) and myself on Twitter (@TAKellermann) where we frequently share highlights and expert insight from our recent research.


Published Friday, August 13, 2021 7:32 AM by David Marshall