Carbon Black Report: China, Russia & North Korea Launching Sophisticated, Espionage-Focused Cyberattacks


Even as a steady drumbeat of headlines keeps the world’s attention focused on cybercrimes, such as ransomware and cryptojacking, in the dark corners of the internet, attackers are busy refining their craft. According to the world’s top incident response (IR) professionals, cyberattackers are honing their ability to remain undetected inside the enterprises they’ve breached, and evolving their attacks to counter defenders’ response efforts.

If this report reveals anything, it’s that business leaders can no longer get by thinking an attack won’t happen to them. Attacks that were once reserved for sophisticated campaigns have become an everyday reality. This evolution coincides with mounting geopolitical tensions. Nation-states such as Russia, China, Iran and North Korea are actively operationalizing and supporting technologically advanced cyber militias.

Most organizations remain woefully unprepared to combat such attacks. The majority have yet to create and implement proactive incident response plans, continuing instead to lean heavily on outdated legacy antivirus and firewall tools for protection.

In an effort to gauge the current attack landscape and to quantify the latest attack trends seen by leading IR firms, Carbon Black is introducing its Quarterly Incident Response Threat Report (QIRTR). This report aggregates both qualitative and quantitative input from leading Carbon Black IR partners, who on average participated in one incident response engagement per day over the course of 2017. Data from this report represents insight from active breach investigations where, in most instances, some combination of people, process and legacy security technology has failed.

Among the key findings from the report:

The vast majority of cyberattacks originate from two nation-states: 81% of IR professionals say the majority of attacks come from Russia; 76% say the majority come from China. And these foreign actors are seeking more than just financial gain or theft — 35% of IR professionals say attackers’ end goal is espionage.

Geopolitical tension is driving an evolution in cyberattacks against all verticals, but 78% of IR professionals say the financial industry is attacked most often; 73% say healthcare organizations and 43% say government.

Nearly 60% of attacks now involve lateral movement, which means attackers aren’t just going after one component of an organization. They’re getting in, moving around and seeking more targets as they go. Of note, 100% of respondents say they’ve seen PowerShell used for attempted lateral movement.

Nearly half (46%) of incident response professionals say they’ve experienced instances of counter incident response, another concerning sign that attackers have become increasingly sophisticated and are initiating longer-term campaigns — as well as a clear signal that incident response must get stealthier.

More than a third (36%) of today’s attackers now use the victim primarily for island hopping. In these campaigns, attackers first target an organization’s affiliates, often smaller companies with immature security postures. This means that not only is your data at risk, but so is the data at every point in your supply chain, including that of your customers and partners.

The full report includes specific case studies from leading IR firms Rapid7, Kroll, and Black Cipher and includes six tips from IR pros on how organizations can take a proactive approach to incident response.

Interested in learning more about how you can put incident response best practices into use? At Cb Connect 2018 you’ll have the opportunity to connect with other like-minded security users and build your resume while you become Carbon Black Certified. Becoming Carbon Black Certified for Cb Defense, Cb Protection and/or Cb Response gives you the opportunity to: earn continuing professional education (CPE) credits through (ISC)2, strengthen your knowledge of the product, and continue to develop your skills in information. Learn more here.

The post Carbon Black Report: China, Russia & North Korea Launching Sophisticated, Espionage-Focused Cyberattacks appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
