Carbon Black Report: Destructive Cyberattacks Increase Ahead of 2018 Midterm Elections


A trade war with China. A fragile agreement with North Korea. A growing fear of Russian hackers. Ahead of the 2018 U.S. midterm congressional elections, geopolitical conflict continues to play out in cyberspace.

According to the world’s top incident response (IR) professionals, politically motivated cyberattacks from nation-state actors have contributed to an ominous increase in destructive attacks: attacks that are tailored to specific targets, cause system outages and destroy data in ways designed to paralyze an organization’s operations.

These attackers aren’t just committing simple burglary or even home invasion — they’re arsonists.

Despite the heightened threat, most organizations still lack skilled security experts and don’t have the visibility they need to challenge these ever-evolving cyberattacks. And with November’s U.S. congressional elections fast approaching, at stake is not only significant financial loss, but also the trustworthiness of the country’s political institutions.

To stay abreast of the current attack landscape and to quantify the latest attack trends seen by leading IR firms, Carbon Black publishes a Quarterly Incident Response Threat Report (QIRTR). This is Carbon Black’s second quarterly report since introducing the QIRTR in July.

This report aggregates qualitative and quantitative input from 37 Carbon Black IR partners. The report’s goal is to offer actionable intelligence for business and technology leaders, fueled by analysis of the newest threats, and expert insights on how to stop them. Our research found that today’s attackers are increasingly punitive, sophisticated and confident. And because of the dark web, they have access to complex tools and compromised infrastructures, including voter databases. This allows attackers to exploit new security vulnerabilities and operate at a higher level of sophistication than before.

Among the Report’s Key Findings

China and Russia remain responsible for nearly half of all cyberattacks. Of 113 investigations our IR partners conducted in the third quarter, 47 stemmed from those two countries alone. Iran, North Korea and Brazil were also the origin of a significant number of recent attacks.

Destructive attacks are on the rise. IR firms said that victims experienced destructive attacks 32% of the time, a marked increase from the last QIRTR in July. 

Two-thirds of IR professionals believe cyberattacks will influence the upcoming U.S. elections. Compounding the risk to elections is the dark web, which has marketplaces offering 20 state voter databases for sale.

As cyber attackers gain more access to complex tools and launch more sophisticated attacks, they find new network vulnerabilities and new ways to exploit network architectures.

Attackers’ growing sophistication is evident in the rising instances of counter-incident response, which occurred in over half (51%) of all incidents seen by respondents in the last 90 days. It’s fitting, given the destructive nature of contemporary attacks, that 72% of IR professionals saw counter IR in the form of destruction of logs.

One IR professional recounts: “We’ve seen a lot of destruction of log data, very meticulous clean-up of antivirus logs, security logs, and denying IR teams the access to data they need to investigate.” In other instances, the IR professional said attackers are also stealing network architecture diagrams to find routes in and out of an organization.

In a new addition to our report, we asked IR firms about incidents they’ve seen wherein attackers take advantage of IoT-related vulnerabilities. Fifty-four percent of IR firms said they saw attacks on consumer devices, but a worrisome 38% said they saw attacks on enterprise devices. Compromised IoT devices are of concern because they can be used to “island hop” onto an organization’s primary network.

“It’s a meaningful segmentation of a network,” says one IR professional. “Which means they’re fairly susceptible to island hopping. Protecting IoT requires the ability to protect each endpoint across your organization.”

The increasingly destructive nature of cyberattacks reflects an environment rife with geopolitical tension — one where attackers, empowered by their access to the most complex of tools, exploit new vulnerabilities and employ sophisticated counter-incident response techniques. That IR has gotten better — but has not led to more prosecutions — only emboldens these attackers more.

Organizations that remain unprepared risk not only their own financial loss, but that of their customers and partners as well. But with the U.S. midterm elections fast approaching, the risks are more than financial in nature — the rise in cyber campaigns aimed at undermining democratic institutions poses graver threats than ever before.

The top barrier to effective IR remains a lack of visibility. IR professionals can’t hunt down threats if they can’t see into all aspects of an enterprise’s network, which now includes a growing number of at-risk endpoints produced by IoT devices and cloud services.

These attacks won’t slow down. But if we can see them better — through heightened visibility across networks — and quickly detect attacks, we can surely do a better job of stopping them in their tracks.


The post Carbon Black Report: Destructive Cyberattacks Increase Ahead of 2018 Midterm Elections appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
