- At Black Hat USA 2022, VMware released its eighth annual Global Incident Response Threat Report, which pinpoints deepfake attacks and cyber extortion.
- 65% of defenders and incident responders state that cyberattacks have increased since Russia invaded Ukraine, according to report findings.
- 75% of respondents say they are now deploying virtual patching, a relatively new technique to fight against attacks, as an emergency mechanism.
VMware published its eighth annual Global Incident Response Threat Report at Black Hat USA 2022. The report includes detailed information about cyberattacks amid pandemic disruptions, burnout, and geopolitically motivated attacks. The report also pinpoints emerging threats, including deepfakes, attacks on APIs, and cybercriminals targeting incident responders themselves.
Trends in the incident response landscape
The online survey on trends in the incident response landscape was conducted in June 2022, with 125 cybersecurity and incident response professionals from around the world participating. For some questions, percentages can total more than 100% because respondents were asked to check all that apply.
According to the results, respondents are fighting back: 87% said that they are able to disrupt a cybercriminal’s activities sometimes (50%) or very often (37%). 75% of respondents said that they are deploying virtual patching as an emergency mechanism. Additional key findings from the report include:
- Cyber pro burnout remains a critical issue. 47% of incident responders said they experienced burnout or extreme stress in the past 12 months, down slightly from 51% last year. Of this group, 69% (versus 65% in 2021) of respondents have considered leaving their job as a result. Organizations are working to combat this, however, with more than two-thirds of respondents stating their workplaces have implemented wellness programs to address burnout.
- Ransomware actors incorporate cyber extortion strategies. The predominance of ransomware attacks, often buttressed by e-crime groups’ collaborations on the dark web, has yet to let up. Fifty-seven percent of respondents have encountered such attacks in the past 12 months, and two-thirds (66%) have encountered affiliate programs and/or partnerships between ransomware groups as prominent cyber cartels continue to extort organizations through double extortion techniques, data auctions, and blackmail.
- APIs are the new endpoint, representing the next frontier for attackers. As workloads and applications proliferate, 23% of attacks now compromise API security. The top types of API attacks include data exposure (encountered by 42% of respondents in the past year), SQL and API injection attacks (37% and 34%, respectively), and distributed Denial-of-Service attacks (33%).
- Lateral movement is the new battleground. Lateral movement was seen in 25% of all attacks, with cybercriminals leveraging everything from script hosts (49%) and file storage (46%) to PowerShell (45%), business communications platforms (41%), and .NET (39%) to rummage around inside networks. An analysis of the telemetry within VMware Contexa, a full-fidelity threat intelligence cloud that’s built into VMware security products, discovered that in April and May of 2022 alone, nearly half of intrusions contained a lateral movement event.

Rick McElroy, principal cybersecurity strategist at VMware, said:
"Cybercriminals are now incorporating deepfakes into their attack methods to evade security controls. Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13% increase from last year, with email as the top delivery method. Cybercriminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal is to use deepfake technology to compromise organizations and gain access to their environment."