VMware has recently released the 2022 edition of its annual Global Incident Response Threat Report. This report is based on feedback from 125 cyber security and incident response experts and outlines the most pervasive cybersecurity trends based on recent events.
It is critically important for IT professionals to understand these trends and what they could mean for your organization’s cyber security efforts. Let’s break down VMware’s 8 key findings and offer meaningful insights into each.
1. Lateral Movement is the New Battleground
VMware’s first finding was that attackers are increasingly using lateral movements in their quest to gain access to sensitive resources. According to VMware, such movements were observed in 25% of all attacks. These lateral movements often take advantage of the lack of visibility into cloud platforms while also leveraging management tools and legitimate software.
One of the best things that organizations can do to counter these types of attacks is to look for ways to improve overall visibility. After all, you can’t secure what you can’t monitor.
2. Deepfake attacks shot up 13 percent, with 66 percent of respondents now saying they witnessed them in the past 12 months
Deepfakes come in many different forms and often refer to AI generated videos that make it appear as though a person is doing something that they have not actually done. Such deepfake videos are sometimes the basis for cyber extortion scams.
In the case of the VMware report however, the term deepfake refers to messages (primarily email messages) that are designed so that they appear to come from a known person who is making a legitimate request. These messages may even be constructed in a way to mimic the purported sender’s writing style.
One of the best ways that organizations can fight back against deep fakes is through employee education. Employees must be taught to question any messages that seem to be outside of the norm. Aggressive message filtering can also help to thwart deepfakes.
3. Sixty-five percent of respondents said cyberattacks have increased since Russia invaded Ukraine
According to VMware, the number of cyber-attacks that have occurred have increased since Russia’s invasion of Ukraine. The key takeaway here is that world events can sometimes translate into increased cybersecurity risks.
As such, IT professionals should try to anticipate how such events might potentially impact their cyber security efforts.
4. Zero-day exploits were encountered by 62 percent of respondents in the past 12 months, an 11 percent increase from last year
Zero-day exploits can be hugely problematic for any organization since they are impossible to anticipate. The fact that such attacks are occurring with an increasing frequency is unsettling to say the least.
The most important thing to keep in mind about zero-day attacks is that such an attack typically cannot succeed unless the attacker manages to acquire the necessary permissions. As such, organizations must diligently protect user accounts and privileged accounts against compromise.
Specops Password Policy is one of the best tools available for protecting these accounts. Specops maintains a database of billions of passwords that are known to have been compromised. An organization’s passwords are constantly compared against this database as a way of making sure that none of the accounts have been compromised. If an account has been compromised, admins can act immediately, thereby locking out would-be attackers.
5. 23 % of attacks now compromise API security as these platforms emerge as a promising new endpoint for threat actors to exploit
The VMware study also found that attackers are increasingly exploiting APIs, as well as using tried and true techniques such as SQL injections.
One of the best things that organizations can do to minimize the risks of such attacks is to uninstall any unnecessary software. This reduces the attack surface, while also minimizing the chances of an API attack.
6. Nearly 60 percent of respondents experienced a ransomware attack in the past 12 months
Ransomware has been an ever-present threat for many years, so it is hardly surprising that VMware would include it on its list.
Organizations can work to prevent ransomware by educating end users and by adopting zero trust principles (particularly when it comes to user permissions). While minimizing user permissions won’t stop a ransomware attack from occurring, it will limit the amount of damage that ransomware can do. Ransomware cannot encrypt any data that the user who triggered the attack does not have access to.
7. IT professionals are fighting back
87 percent surveyed said they can disrupt a cybercriminal’s activities sometimes (50 percent) or very often (37 percent).
In the past it was nearly impossible to disrupt an active cyber-attack without resorting to drastic measures such as severing network connectivity. According to VMware, however, 75% of those surveyed have seen success with using virtual patching as an emergency mechanism.
Virtual patching, also known as vulnerability shielding, involves using a Web Application Firewall or similar tool to disrupt an attacker’s network path, thereby shielding the vulnerability.
8. IT burnout rates dropped slightly from last year but remain a critical issue
IT burnout is real and according to VMware nearly 70% of those who are experiencing IT burnout symptoms have considered leaving their jobs. Organizations must take employee burnout seriously since the resignation of key staff members could leave the organization is a precarious position.
Although IT is known for its workaholic culture, organizations must begin to accept that employee burnout can have serious consequences and strive to create a more realistic work / life balance.
Sponsored by Specops