More attackers trying to sabotage incident response tactics | SC Media

The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being tracked.


At least that’s what researchers concluded in the fifth installment of VMware Carbon Black’s semi-annual Global Incident Response Threat Report, which also focused heavily on the impact of COVID-19 on security operations.


The study found that 33 percent of respondents encountered instances of attempted counter incident response (counter IR) – a 10 percent increase from its previous report, said Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black. Some 50 percent of the attacks were deletion of logs, while another 44 percent were diversions, including timestamp manipulations, subnet changes and authentication manipulations.


“Once the attackers delete logs and run the diversions they drop ransomware, often NetPetya-style ransomware,” Kellermann said. “We’ve found that these counter IR attacks are very aggressive and often quite destructive.”


Kellermann said the attackers are doing a lot of “island hopping,” when attackers look to le ..
