Thursday, March 28

APIs are the new endpoint and lateral movement is the new battlefield



New VMware report warns of deepfake attacks and cyber extortion

At Black Hat USA 2022, VMware, Inc. released its eighth annual Global Incident Response Threat Report, which takes an in-depth look at the challenges security teams are facing amid pandemic outages, attrition, and geopolitically motivated cyber attacks. According to the report's results, 65% of security professionals say that cyber attacks have increased since Russia invaded Ukraine. The report also highlights emerging threats such as deepfakes, API attacks, and cybercriminals targeting the perpetrators themselves.
“Cybercriminals are now incorporating deepfakes into their attack methods to evade security controls,” said Rick McElroy, principal cybersecurity strategist at VMware. “Two in three respondents to our report saw malicious deepfakes being used as part of an attack, a 13% increase from last year, with email the primary delivery method. Cybercriminals have evolved beyond the use of synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal is to use deepfake technology to compromise organizations and gain access to their environment.”

Other key findings of the report are:

  • Cyber professional burnout remains a critical issue. 47% of incident responders said they had experienced burnout or extreme stress in the past 12 months, down slightly from 51% last year. Of this group, 69% (up from 65% in 2021) of respondents have considered leaving their job as a result. However, organizations are working to combat this, with more than two-thirds of respondents saying their workplaces have implemented wellness programs to address burnout.
  • Ransomware actors incorporate cyber extortion strategies. The prevalence of ransomware attacks, often reinforced by the collaboration of cybercrime groups on the dark web, has not yet diminished. 57% of respondents have encountered such attacks in the last 12 months, and two-thirds (66%) have encountered affiliate programs and/or partnerships between ransomware groups, as major cyber cartels continue to extort organizations through double extortion techniques, data auctions and blackmail.
  • APIs are the new endpoint, representing the next frontier for attackers. As workloads and applications proliferate, 23% of attacks now compromise API security. The top types of API attacks include data exposure (encountered by 42% of respondents in the last year), SQL and API injection attacks (37% and 34%, respectively), and distributed denial-of-service attacks (33%).
  • Lateral movement is the new battlefield. Lateral movement was seen in 25% of all attacks, with cybercriminals leveraging everything from script hosts (49%) and file storage (46%) to PowerShell (45%), enterprise communications platforms (41%) and .NET (39%) to poke around in networks. An analysis of telemetry within VMware Contexa, a high-fidelity threat intelligence cloud built into VMware security products, found that in April and May 2022 alone, nearly half of intrusions contained a lateral movement event.

“To defend against the growing attack surface, security teams need the right level of visibility into workloads, devices, users, and networks to detect, protect, and respond to cyber threats,” said Chad Skipper, global security technologist at VMware. “When security teams are making decisions based on incomplete and inaccurate data, their ability to implement a granular security strategy is inhibited, while their efforts to detect and stop the lateral movement of attacks are hampered due to the limited context of their systems.”

Despite the turbulent threat landscape and growing threats detailed in the report, incident responders are fighting back, with 87% saying they are able to disrupt a cybercriminal’s activities sometimes (50%) or very often (37%). They are also using new techniques to do so. Three quarters of respondents (75%) say they now deploy virtual patches as a fallback mechanism. In all cases, the more visibility defenders have of today’s growing attack surface, the better equipped they are to weather the storm.

For more information on the evolving threat landscape, as well as practical guidance and recommendations for incident responders and security teams, download the full report here. Requires registration.






diarioti.com
