VMware recently released their seventh annual Global Incident Response Threat Report, which analyzes how attackers are manipulating reality to reshape the modern threat landscape.
The report found a drastic rise in destructive attacks, where adversaries deploy advanced techniques to deliver more targeted, sophisticated attacks that distort digital reality.
To learn more, VMblog spoke with Tom Kellermann, Head of Cybersecurity Strategy at VMware.
VMblog: This is the seventh annual Global IR Threat Report
from VMware. What were some of the most surprising findings that varied
from years past?
Tom Kellermann: With remote work becoming the new way of life
due to COVID-19, organizations around the world were pushed to quickly adopt
telework and cloud technology. As a result, cybercriminals exploited these
environments, delivering an increased amount of destructive attacks. Within
this year's Global IR Threat Report, 43% of respondents
said more than one-third of attacks were targeted at cloud workloads.
Increasingly, attackers are using the cloud to island-hop along the victim's
supply chain. The report revealed 49% of all attacks witnessed by respondents
targeted them via island hopping. If 2020 was the year of island hopping, we
should expect 2021 to be the year cloud-jacking through public clouds goes
mainstream due to the mass migrations to public clouds to support distributed
workforces.
VMblog: This survey found that victims now experience
integrity and destructive attacks more than 50% of the time. What does
that tell us about the threat landscape today?
Kellermann: A broadened attack surface, weaponization of
new technologies, and the industrialization of e-crime continue to reshape the
modern threat landscape. We are now living in a world where the goal of modern
attackers is no longer just to steal money from potential victims but to
distort their digital reality and commandeer their digital transformation. This
is being done through a number of emerging threat techniques such as time-stamp
manipulation and business communication compromise. Our report found that
nearly 60% of respondents observed adversaries manipulating timestamps in order
to disrupt incident response. This Chronos attack will evolve to inevitably
disrupt business operations. Similarly, as business communication platforms
like Microsoft Teams or Slack rose to prominence during COVID-19, attackers
leveraged these platforms to facilitate lateral movement. The threat landscape
has become more punitive.
VMblog: Given the threat landscape, what should be top of
mind for CISOs and security leaders looking to take security to the next
level?
Kellermann: In the face of this new threat landscape, the
defensive mindset must start at the top. 2021 has been the year of the CISO, as
we are beginning to see organizations prioritize cybersecurity. But if your
CISO is still reporting to your CIO and not your CEO, your organization isn't
taking security seriously. It should come as no surprise that defenders,
despite their best efforts, are struggling to counter these complex attacks and
gain visibility into new environments such as the cloud, containers, and
business communication applications. Implementing cyber vigilance within an
organization will be key for CISOs to protect their environments properly.
Security must expand across all workloads,
containers, and Kubernetes environments. Applying micro-segmentation slows down
the adversary's ability to move laterally within the organization, which is
known to cause extensive damage. Lastly, CISOs and security leaders must activate
an internal threat hunting program that is deployed on a weekly basis. If
implemented across all employee devices, this program can detect behavioral
abnormalities, as adversaries can maintain in an organization's system for an
unknown amount of time.
VMblog: If 2021 has been the year of mainstream public
cloud-jacking, where do you see the threat landscape in 2022 and beyond?
Kellermann: Looking to 2022 and beyond, I believe
adversaries will continue to expose new platforms' vulnerabilities, weaponize
new technologies such as malicious deep fakes, and deploy advanced techniques
to deliver integrity attacks that are more targeted and destructive than ever
before. I also believe that in the near future, we'll see a SolarWinds-style
attack that will deliver destructive payloads from a major public cloud
environment, most likely driven by geopolitical tensions. But if security teams
remain vigilant and continue to adapt their defenses, then defenders have a
fighting chance against tomorrow's threats.
VMblog: Are there any specific industries that you feel will
be more severely impacted by the rise in cybercrime compared to others?
Kellermann: As
geopolitical tensions intensify, destructive attacks against ICS environments
in the manufacturing, transportation, and energy sectors could escalate, as
seen in the Colonial Pipeline attack. In turn, new, destructive malware
specific to ICS infrastructure will become a hot commodity on the dark web. A
recent report from the Foundation for Defense
of Democracies (FDD) suggests that the cost of a major cyberattack on a
critical U.S. service provider or utility could cost over $80 billion. This is
as much, if not more, than a natural disaster such as a hurricane. In 2020 and
early 2021, we unfortunately saw a large number of attacks on industries that
were hit hard by the pandemic such as hospital systems, school systems and
local government agencies. This could continue as the Delta variant accounts
for most of the recent cases in the US, driving up hospitalizations as well as
threatening the chance of school districts reopening for in-person learning in
the fall.
VMblog: This report sounds extremely useful. Where can readers go to get their hands
on the final results to learn more?
Kellermann: To learn more from our Global IR Threat Report, readers
can download the report, as well as read
about it in our recent blog post. Readers should
also feel free to follow VMware (@vmw_carbonblack) and myself on
Twitter (@TAKellermann) where we
frequently share highlights and expert insight from our recent research.