BY: Sandra Ani
According to a global security report released in January this year, a new breed of cyberattacks, seemingly fuelled by geopolitical tension between western democracies and countries including China, Russia and North Korea, is emerging – this against a background in which cryptomining, fileless attacks, ransomware and commodity malware are still causing havoc.
An effective endpoint security system is necessary to protect devices connected to the corporate network, including smartphones, PCs, IoT devices and laptops, from malicious threats.
The Global Threat Report, entitled ‘The Year of the Next-Gen Cyberattack’, was released by Carbon Black, a leader in cloud-delivered, next-generation endpoint security.
The report is based on analysis and insight from the Carbon Black Threat Analysis Unit, which researched cyberattacks across the company’s customer base and in conjunction with its incident response (IR) partners.
On average, according to Carbon Black, the company’s IR partners conduct more than one incident response engagement per day using Carbon Black technology.
The report says: “Modern cyberattacks appear to increasingly be fuelled by geopolitical tension and reveal how clever attackers have become in evolving to remain undetected – using techniques such as lateral movement, island hopping and counter incident response to stay invisible. According to Carbon Black’s threat research, we believe 2019 promises to be a year where endpoint visibility becomes more paramount than ever as attackers continue to evolve and global tensions increase.”
From a geopolitical perspective, the report notes that, as 2018 came to a close, nearly half of all global attacks originated from China and Russia, according to data provided by Carbon Black’s IR partners. In the third quarter alone, 47 out of 113 incident responses emanated from these countries.
Toward the end of 2018, the data also revealed several cyberattacks targeting global governments that included indicators of compromise attributable to North Korea. Further, Iran and Brazil were mentioned in the report as countries of origin for recent attacks.
Anton Jacobsz, CEO of value-added distributor Networks Unlimited Africa, a vendor partner with Carbon Black in sub-Saharan Africa, said, “The new role of cyberattacks as a weapon between nations has created new battle fronts in the global landscape. For example, between 2011 and 2013, American banks were targeted by DDoS attacks from Iran, and these cyberattacks virtually stopped when negotiations began to lift economic sanctions on Iran in exchange for an end to its nuclear weapons programme.
“Many believe that with the Iran nuclear deal of 2015 now under threat by current United States policy, we could see a return of this kind of activity.”
Other key facts released by the ‘Global Threat Report: The Year of the Next-Gen Cyberattack’ include the following:
· The average endpoint protected by Carbon Black was targeted by two cyberattacks per month throughout 2018. At this rate, an organisation with 10,000 endpoints is estimated to see more than 660 attempted cyberattacks per day. Across the Carbon Black customer footprint (totalling approximately 15 million global endpoints) this means there are, on average, one million attempted cyberattacks per day.
· The top industries targeted by ransomware in 2018 were manufacturing, business services, retail, government and computers/electronics.
· Approximately $1.8 billion of cryptocurrency-related thefts occurred in 2018.
· Half of incident response engagements now involve instances of counter incident response, when the attackers fight back against the defence measures taken.
This, says Carbon Black, is “another concerning sign that attackers have become increasingly sophisticated and are initiating longer-term campaigns – as well as a clear signal that incident response must get stealthier.”
· The report also found that more than half of attackers now use their victim primarily for a practice known as ‘island hopping’, when attackers target organisations with the intention of accessing an affiliate’s network.
· Nearly 60 percent of attacks now involve lateral movement, which means that attackers aren’t just going after one component of an organisation: “They’re getting in, moving around and seeking more targets as they go.”
· As nation-state cyberattackers become more sophisticated and powerful, their attacks are also becoming increasingly destructive. Carbon Black’s respondents said that victims outlined in the report experienced such attacks 32 percent of the time, to the extent that machines the attackers suspected of being forensically analysed were effectively wiped.
“We can plainly see the rise of new frontiers of opportunity in a world of geopolitical tension that is able to transcend physical borders through cyber means. As attackers continue to evolve and global tensions threaten to increase, the need for endpoint visibility and protection is going to become even more important than ever during this year and moving forward,” concludes Jacobsz.