Editorial

Deepfake attacks and cyber extortion on the rise

Burned out security teams fight back against geopolitically motivated attacks and lateral movement inside networks, warns new VMware report

Posted 8 August 2022 by Christine Horton

Cyberattacks have increased since Russia invaded Ukraine, according to a new report released today.

VMware’s annual Global Incident Response Threat Report notes that 65 percent of security teams have reported an increase in attacks.

The report also shines a light on emerging threats such as deepfakes, attacks on APIs, and cybercriminals targeting incident responders themselves.

“Cybercriminals are now incorporating deepfakes into their attack methods to evade security controls,” said Rick McElroy, principal cybersecurity strategist at VMware.

“Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13 percent increase from last year, with email as the top delivery method. Cybercriminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal is to use deepfake technology to compromise organisations and gain access to their environment.”

Cyber pro burnout remains a critical issue

Forty-seven percent of incident responders said they experienced burnout or extreme stress in the past 12 months, down slightly from 51 percent last year. Of this group, 69 percent (versus 65 percent in 2021) of respondents have considered leaving their job as a result. Organisations are working to combat this, however, with more than two-thirds of respondents stating their workplaces have implemented wellness programmes to address burnout.

Ransomware actors incorporate cyber extortion strategies

The predominance of ransomware attacks, often buttressed by e-crime groups’ collaborations on the dark web, has yet to let up. Fifty-seven percent of respondents have encountered such attacks in the past 12 months, and two-thirds (66 percent) have encountered affiliate programs and/or partnerships between ransomware groups as prominent cyber cartels continue to extort organisations through double extortion techniques, data auctions, and blackmail.

APIs are the new endpoint, representing the next frontier for attackers

As workloads and applications proliferate, 23 percent of attacks now compromise API security. The top types of API attacks include data exposure (encountered by 42 percent of respondents in the past year), SQL and API injection attacks (37 percent and 34 percent, respectively), and Distributed Denial-of-Service attacks (33 percent).

Lateral movement is the new battleground

Lateral movement was seen in 25 percent of all attacks, with cybercriminals leveraging everything from script hosts (49 percent) and file storage (46 percent) to PowerShell (45 percent), business communications platforms (41 percent), and .NET (39 percent) to rummage around inside networks. An analysis of the telemetry within VMware Contexa, a full-fidelity threat intelligence cloud that’s built into VMware security products, discovered that in April and May of 2022 alone, nearly half of intrusions contained a lateral movement event.

“In order to defend against the broadening attack surface, security teams need an adequate level of visibility across workloads, devices, users and networks to detect, protect, and respond to cyber threats,” said Chad Skipper, global security technologist at VMware.

“When security teams are making decisions based on incomplete and inaccurate data, it inhibits their ability to implement a granular security strategy, while their efforts to detect and stop lateral movement of attacks are stymied due to the limited context of their systems.”

Despite the turbulent threat landscape and rising threats detailed in the report, incident responders are fighting back, with 87 percent saying that they are able to disrupt a cybercriminal’s activities sometimes (50 percent) or very often (37 percent). They’re also using new techniques to do so: three-quarters of respondents (75 percent) say they are now deploying virtual patching as an emergency mechanism. In every case, the more visibility defenders have across today’s widening attack surface, the better equipped they’ll be to weather the storm.