China behind most cyber attacks, states report

COVID-19 has become a panacea for cybercriminals, with 53 per cent of Incident Response (IR) professionals reporting an increase in cyberattacks exploiting COVID-19, according to VMware Carbon Black’s latest Global Incident Response Threat Report.

China are behind most attacks, and the financial industry has become a key target.

Titled “COVID-19 Continues to Create a Larger Surface Area for Cyberattacks”, the semi-annual report launched is based on an online survey in April 2020 of forty-nine IR professionals from around the world.

Notable findings include:

• Cyberthreats from China are increasing. Over half of respondents (51 per cent) saw attacks from China in the 90 days before this survey was held, followed by North America (40 per cent) and Russia (38 per cent). Report author Tom Kellermann notes, “The Chinese have exhibited a dramatic evolution in operational security and attack sophistication. It can now be argued that their cyber capabilities rival those of Russia.”
• The financial industry is under siege. More than half of attacks (51 per cent) in the 90 days prior to this survey have been on the financial sector, followed by healthcare (35 per cent), professional services (35 per cent) and retail (31 per cent). This correlates with the finding that 59 per cent of those surveyed said attackers’ end goal was financial gain – by far the leading motivation.
• With the surge in cyberattacks, security teams are struggling to keep up. Incident Response professionals pointed to remote access inefficiencies (52 per cent), VPN vulnerabilities (45 per cent) and staff
• shortages (36 per cent) as the most daunting endpoint security challenges in this regard.

Rick McElroy, cybersecurity strategist at VMware Carbon Black said if he was a “cybercriminal”, the pool of people he can trick now is exponentially larger, simply because it’s a global disaster.

“Organisations, most of which depend on VPNs and other traditional network security infrastructure, may not be prepared,” he said. “Stopping today’s increasingly sophisticated cyberattacks, whether they’re COVID19-related or not, will mean adopting next generation IR strategies.”

Next generation cyberattacks – with adversaries increasingly working to maintain persistence on systems – call for next generation IR, especially as corporate perimeters across the world break down.

Here are five steps security teams can take to fight back:

1. Gain better visibility into your system’s endpoints. Doing so can empower security teams to be proactive in their IR – rather than merely responding to attacks once they come, they can hunt out prospective threats. This is increasingly important in today’s landscape, with more attackers seeking to linger for long periods on a network and more vulnerable endpoints online via remote access.
2. Establish digital distancing practices. People working from home should have two routers, segmenting traffic from work and home devices. They should have a room free of smart devices for holding potentially sensitive conversations. And they should restrict sensitive file sharing across insecure applications, like video conferencing tools.
3. Enable real-time updates, policies and configurations across the network. This may include updates to VPNs, audits or fixes to configurations across remote endpoints and other security updates – even when outside the corporate network. “It’s important to keep in mind the security architecture when making these changes,” Hlavička adds. “Otherwise, things get changed without having the proper controls in place to react.”
4. Remember to communicate. Now more than ever, organisations need to prioritise change management and maintain clear lines of communication – about new risk factors (spear phishing, smart devices, file-sharing applications, etc.), protocols and security resources. Security teams should also hold drop-in hours for any questions and/or hygiene checks.
5. Enhance collaboration between IT and security teams – and make IT teams more cybersecurity savvy. As noted, 92 per cent of IR professionals agree that a culture of collaboration between IT and security teams will improve enterprise security and response to cyber risks. This is especially true under the added stress of the pandemic. Alignment should also help elevate IT personnel to become experts on their own systems, McElroy notes, whether it’s training them to threat hunt on a Windows box or identify anomalous configurations on certain SaaS applications.