Carbon Black releases 2019 global threat report
Endpoint security solutions provider Carbon Black has released its 2019 Global Threat Report: The Year of the Next-Gen Cyberattack. The report is based on analysis and insight from the Carbon Black Threat Analysis Unit (TAU), who researched the current state of cyber attacks across the Carbon Black customer base and in conjunction with the company's incident response (IR) partners, who conduct, on average, more than one incident response engagement per day using Carbon Black technology.
Billions of personal records were stolen in 2018, unearthed in breaches that successfully targeted household names in government, technology, healthcare, travel and hospitality.
Compounding the problem has been increased geopolitical tension between western democracies and countries like Russia, China and North Korea.
To better understand the current attack landscape as we head into 2019, the Carbon Black Threat Analysis Unit (TAU) researched the current state of cyber attacks across the Carbon Black customer base and in conjunction with its incident response (IR) partners. The report found that while cryptomining, fileless attacks, ransomware and commodity malware are still causing havoc, a new breed of cyber attacks (seemingly fuelled by geopolitical tension) is emerging. “Modern cyber attacks appear to increasingly be fuelled by geopolitical tension and reveal how clever attackers have become in evolving to remain undetected — using techniques such as lateral movement, island hopping and counter incident response to stay invisible,” the report notes. “According to Carbon Black's threat research, we believe 2019 promises to be a year where endpoint visibility becomes more paramount than ever as attackers continue to evolve and global tensions increase.
Among the key findings from the report include:
- Carbon Black customers, in aggregate, are seeing approximately 1 million attempted cyber attacks per day
- The top five industries targeted by cyber attacks in 2018, according to Carbon Black's global threat data, were: Computers/Electronics, Healthcare, Business Services, Internet/Software, and Manufacturing
- As 2018 came to a close, Carbon Black saw several cyber attacks targeting global governments that included indicators of compromise attributable to North Korea
- Approximately $1.8billion of cryptocurrency related thefts occurred in 2018
- Nearly 60% of attacks now involve lateral movement. Cybercriminals are continuing to hide in plain sight and move laterally leveraging non-malware / fileless attack methods. PowerShell, Windows Management Instrumentation (WMI) and Secure File Transfer Protocol (SSH) were the top three legitimate applications attackers were leveraging in 2018, according to data gathered from Carbon Black's IR partners.
- Half of incident response engagements now involve instances of counter incident response, another concerning sign that attackers have become increasingly sophisticated and are initiating longer-term campaigns — as well as a clear signal that incident response must get stealthier.
- Half of cyber attacks today use the victim primarily for island hopping – a term for the practice of infiltrating businesses that supply services to a target organisations
- IR firms are encountering destructive attacks during 32% of investigations
The report also includes specific threat intelligence information from CB TAU on some ubiquitous attack methods including: the Emotet banking trojan, Monero cryptomining attacks and ransomware that leverages open source tools.