Carbon Black Report: 35% of IR Pros See Espionage as Primary Motive for Attackers

Share and earn Cybytes
Facebook Twitter LinkedIn Email

Fraught Geopolitical Tensions Play Out in Cyberspace

In an effort to gauge the current attack landscape and to quantify the latest attack trends seen by leading IR firms, Carbon Black has introduced its Quarterly Incident Response Threat Report (QIRTR). This report aggregates both qualitative and quantitative input from leading Carbon Black IR partners, who on average participated in one incident response engagement per day over the course of 2017. Data from this report represents insight from active breach investigations where, in most instances, some combination of people, process and legacy security technology has failed. This blog series will tackle a theme from the report each week.

Nation State Actors

Geopolitical tension is a historical constant, but today’s conflicts are increasingly playing out in cyberspace, where subversive acts can be devastating and nearly impossible to prosecute. The result is an evolution in cyberattacks across all verticals, with the financial industry the most frequent target (78% of respondents say as much) followed by healthcare (73%) and government (43%).

Some foreign actors, such as China, are continuing to seek competitive economic advantage, calculating, for instance, that it might be easier to steal IP from an American defense contractor than develop it themselves. Others have political motives, as seen in Russia’s hack of the Democratic National Committee during the 2016 U.S. election and the recent cyber campaign against the U.S. energy sector. As economic pressures and political tensions grow, more and more nation-states are finding it politically and financially advantageous to leverage cyber militias in sophisticated attacks.

These attackers have served as a harbinger for the rise of long-term campaigns depicted in this report. Seeking to avoid detection, nation-state actors might embed themselves on foreign networks and lay low for years before taking overt action. According to one IR professional interviewed for this report, attackers also linger simply because “they want to learn — learn the network, where the data is and how they can get it without setting off alarms.”

The vast majority of cyberattacks originate from two nation-states: 81% of IR professionals say the majority of attacks come from Russia; 76% say the majority come from China. And these foreign actors are seeking more than just financial gain or theft — 35% of IR professionals say attackers’ end goal is espionage. They also frequently cited business disruption and blackmail, at 19% and 14% respectively.

Moreover, nation-state actors introduce techniques and tools that enable more prosaic attackers to take increasingly high-level actions. For example, speaking about the series of powerful Petya cyberattacks waged against Ukraine in 2017, one IR professional says, “A year ago it was top-shelf Russian malware, and now some joker doing cryptocurrency mining is using the same thing…mechanisms out there are tough to contain and malware spreads fast.”

Interested in learning more how you can put incident response best practices into use? At Cb Connect 2018 you’ll have the opportunity to connect with other like-minded security users and build your resume while you become Carbon Black Certified. Becoming Carbon Black Certified for Cb Defense, Cb Protection and/or Cb Response gives you the opportunity to: Earn continuing professional education (CPE) credits through (ISC)2,  Strengthen your knowledge of the product, Continue to develop your skills in information. Learn more here.

The post Carbon Black Report: 35% of IR Pros See Espionage as Primary Motive for Attackers appeared first on Carbon Black.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?