Carbon Black Report: Tools of Choice


Quarterly Incident Response Threat Report

PowerShell and WMI Remain Tools of Choice for Cyberattacks

We’ve long known that PowerShell has been abused, but it is still significant that 100% of respondents say they believe the tool most often helps facilitate lateral movements, followed by WMI at 84%. As one IR professional puts it, “Attackers are living off the land. They’re not bringing tools in with them, but using Windows against Windows. It makes them harder to find.”

That 54% of respondents also see legitimate OS applications being used (via process hollowing) points to the growing severity of such attacks — it can be especially difficult to purge bad actors when they have found a way into the very foundation of your network. Of note, too, is that 16% of respondents see Dropbox as a primary tool for helping facilitate lateral movements, demonstrating hackers’ growing familiarity with cloud services.

The gravity of today’s cyberattacks can’t be overstated. When asked how often targeted victims experience destructive/integrity attacks, respondents say they occur at least 10% of the time. And yet the vast majority of organizations remain unprepared. Fifty-nine percent of respondents say the organizations they serve take a reactive, rather than a proactive, stance toward incident response.

“Most cases we see [that organizations] don’t have an IR plan in place,” one IR professional says. Detection capability is a major gap: nearly 70% of respondents say lack of visibility is a top barrier to effective incident response (a shortage of skilled security experts and inaccurate/decentralized log keeping are other major obstacles). “Most organizations rely on their IT department and on [legacy] antivirus and a firewall [for IR],” one IR professional says. “They are easily dismantled; firewalls are useless against inside-out attacks, and unequipped IT departments can often do more harm than good.”

At the end of the day, some say, the continual lack of preparation in the face of such threats comes down to human nature. “The human mind is not great at predicting and investing in nebulous threats that haven’t happened to you,” says one IR professional. “If you haven’t been hit, or if a peer hasn’t been hit, nothing will get done. Most companies wait until something bad has happened.”


The post Carbon Black Report: Tools of Choice appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
