2018 dubbed 'year of the next-gen cyber attack' amid rising geopolitical tension, says Carbon Black report
According to a global security report released in January this year, a new breed of cyber attacks, seemingly fuelled by geopolitical tensions between Western democracies and countries including China, Russia and North Korea, is emerging. This, against a background in which crypto-mining, fileless attacks, ransomware and commodity malware are still causing havoc.
An effective endpoint security system is necessary to protect devices connected to the corporate network, including smartphones, PCs, the Internet of things (IOT) devices and laptops, from malicious threats.
The 'Global Threat Report: The Year of the Next-Gen Cyberattack', was released by Carbon Black, a leader in cloud-delivered, next-generation endpoint security. The report is based on analysis and insight from the Carbon Black Threat Analysis Unit, which researched cyber attacks across the company's customer base and in conjunction with its incident response (IR) partners. On average, according to Carbon Black, the company's IR partners conduct more than one incident response engagement per day using Carbon Black technology.
The report says: "Modern cyber attacks appear to be increasingly fuelled by geopolitical tension and reveal how clever attackers have become in evolving to remain undetected, using techniques such as lateral movement, island hopping and counter-incident response to stay invisible. According to Carbon Black's threat research, we believe 2019 promises to be a year where endpoint visibility becomes more paramount than ever as attackers continue to evolve and global tensions increase."
From a geopolitical perspective, the report notes that, as 2018 came to a close, nearly half of all global attacks had originated from China and Russia, according to data provided by Carbon Black's IR partners. In the third quarter alone, 47 out of 113 incident responses had emanated from these countries.
Towards the end of 2018, the data also revealed several cyber attacks targeting global governments that had included indicators of compromise attributable to North Korea. Further, Iran and Brazil were mentioned in the report as countries of origin for recent attacks.
Anton Jacobsz, CEO of value-added distributor Networks Unlimited Africa, a vendor partner with Carbon Black in sub-Saharan Africa, said: "The new role of cyber attacks as a weapon between nations has created new battlefronts in the global landscape. For example, between 2011 and 2013, American banks were targeted by DDOS attacks from Iran, and these cyber attacks virtually stopped when negotiations began to lift economic sanctions on Iran in exchange for an end to its nuclear weapons programme. Many believe that with the Iran nuclear deal of 2015 now under threat by current US policy, we could see a return of this kind of activity.^1"
Other key facts released by the 'Global Threat Report: The Year of the Next-Gen Cyberattack' include the following:
* The average endpoint protected by Carbon Black was targeted by two cyber attacks per month throughout 2018. At this rate, an organisation with 10 000 endpoints is estimated to see more than 660 attempted cyber attacks per day. Across the Carbon Black customer footprint (totalling approximately 15 million global endpoints), this means there are, on average, one million attempted cyber attacks per day.
* The top industries targeted by ransomware in 2018 were manufacturing, business services, retail, government and computers/electronics.
* Approximately $1.8 billion of crypto-currency-related thefts occurred in 2018.
* Half of incident response engagements now involve instances of counter-IR, when the attackers fight back against the defence measures taken. This, says Carbon Black, is "another concerning sign that attackers have become increasingly sophisticated and are initiating longer-term campaigns, as well as a clear signal that incident response must get stealthier".^2
* The report also found that more than half of attackers now use their victim primarily for a practice known as "island hopping", when attackers target organisations with the intention of accessing an affiliate's network.
* Nearly 60% of attacks now involve lateral movement, which means that attackers aren't just going after one component of an organisation: "They're getting in, moving around and seeking more targets as they go." ^3
* As nation-state cyber attackers become more sophisticated and powerful, their attacks are also becoming increasingly destructive. Carbon Black's respondents had said victims outlined in the report had experienced such attacks 32% of the time, to the extent that machines suspected by cyber attackers of being forensically analysed had been effectively wiped.
"We can plainly see the rise of new frontiers of opportunity in a world of geopolitical tension that is able to transcend physical borders through cyber means," concludes Jacobsz.
"As attackers continue to evolve and global tensions threaten to increase, the need for endpoint visibility and protection is going to become even more important than ever during this year and moving forward."
You can read the Carbon Black "Global Threat Report: The Year of the Next-Gen Cyberattack" here.