Cybercriminals Manipulate Reality via Integrity and Destructive Attacks, VMware Report Finds

Defenders fight back against weaponization of new technologies, industrialization of e-crime, and burnout

PALO ALTO, Calif.–(BUSINESS WIRE)–#BlackHat2021–At Black Hat USA 2021, VMware, Inc. (NYSE: VMW) released its seventh annual Global Incident Response Threat Report, which analyzes how attackers are manipulating reality to reshape the modern threat landscape. The report found a drastic rise in destructive attacks, where adversaries deploy advanced techniques to deliver more targeted, sophisticated attacks that distort digital reality, be it via business communications compromise (BCC) or the manipulation of time.


“Today, we’re seeing a nexus between nation-states and cybercriminals continue to rapidly advance the development of increasingly sophisticated and destructive cyberattacks, combined with the broadening of the attack surface as a result of COVID-19,” says Tom Kellermann, head of cybersecurity strategy, VMware. “The digital and physical worlds have converged, and everything can be manipulated by modern-day attackers. The reality is that first adopters of advanced technologies, such as artificial intelligence and machine learning, are often cybercriminals on the dark web and in nation-states intelligence communities.”

Defenders are struggling to counter these complex attacks and gain visibility into new environments, such as the cloud, containers, and business communication applications. The report found that defenders are also grappling with mental health concerns and heightened job expectations, with 51% experiencing extreme stress or burnout over the past year.

“Burnout is a huge issue with incident response teams, who are handling a spike in engagements in what is still a largely remote environment,” says Rick McElroy, principal cybersecurity strategist at VMware. “It only further underscores the need for leaders to build resilient teams, whether that means considering rotations of work, empowering individuals to take mental health days, or any number of other initiatives aimed at nurturing personal growth and development.”

Additional key findings from the 2021 Global Incident Response Threat Report include:

  • The nexus between nation-states and e-crime heightens the threat landscape and exploit vulnerabilities: Among those who have encountered ransomware attacks in the past year, 64% witnessed affiliate programs and/or partnerships between ransomware groups. Defenders are also looking for new ways to fight back: 81% said they are willing to leverage active defense in the next 12 months.
  • Advanced techniques are being used to make attacks more destructive and targeted: Respondents indicate that targeted victims now experience destructive/integrity attacks more than 50% of the time. Cybercriminals are achieving this through emerging techniques, like the manipulation of time stamps, or Chronos attacks, which nearly 60% of respondents have observed. Catalyzed by the shift to remote work, 32% of respondents also experienced adversaries leveraging business communication platforms to move around a given environment and launch sophisticated attacks.
  • With cloud-jacking on the rise, cloud security remains a top priority: Following the rush to cloud technology amid the pandemic, cybercriminals have continued to exploit these environments. Nearly half (43%) of respondents said more than a third of attacks were targeted at cloud workloads, with almost a quarter (22%) saying more than half were. For this reason, 6 in 10 respondents said cloud security tools are their top priority to implement.

For more information on the evolving threat landscape as well as actionable guidance and recommendations for incident responders and security teams, download the full report here.

Methodology

VMware conducted an online survey about trends in the incident response landscape in May and June 2021, with 123 cybersecurity and incident response professionals from around the world participating in the study. Percentages in certain questions exceed 100% because respondents were asked to check all that apply. Due to rounding, percentages used in all questions may not add up to 100%.

VMware at Black Hat USA 2021

VMware will discuss the findings from this report and other key security topics in the virtual sessions listed below. Visit our virtual Black Hat USA 2021 booth, and follow along with us on social @VMwareNews and in the VMware Newsroom.

Exposing Vulnerabilities in Kubernetes
Wednesday, August 4 at 8:00 am PT

Daniel Shapira, senior staff researcher

Enemy Inside the Gates: 2020 Threat Landscape Key Findings
Wednesday, August 4 at 10:50 AM PT

Chad Skipper, global security technologist

Giovanni Vigna, senior director of threat intelligence

Disrupting Ransomware and Dismantling the Cybercrime Ecosystem
Wednesday, August 4 at 1:10 pm PT

Tom Kellermann, head of cybersecurity strategy

Rick McElroy, principal cybersecurity strategist

Symbexcel: Bringing the Power of Symbolic Execution to the Fight Against Malicious Excel 4 Macros
Wednesday, August 4 at 1:30 pm PT

Giovanni Vigna, senior director of threat intelligence

Stafano Ortolani, threat researcher

Security Hygiene for DevOps
Thursday, August 5 at 10:50 am PT

Ram Akuka, product manager, Security Business Unit

David Zendzian, global field CISO, VMware Tanzu

Exposing Vulnerabilities in Kubernetes
On-demand

Daniel Shapira, senior staff researcher

About VMware

VMware software powers the world’s complex digital infrastructure. The company’s cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough technology innovations to its global impact. For more information, please visit https://www.vmware.com/company.html

Contacts

Kerry Tuttle

VMware Global Communications

ktuttle@vmware.com
(470) 247-1987

Jessica Bettencourt

Inkhouse

jbettencourt@inkhouse.com
(774) 451-5142