Cybercrime groups are becoming more creative and using tactics such as supply chain attacks against digitally transformed and agile environments.
According to a new report by VMware Carbon Black, which included a survey of 83 incident response and cybersecurity professionals, 82% of attacks now involve instances of “counter incident response” where victims claim attackers have the resources to “colonize” victims’ networks.
Speaking to Infosecurity, Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black, said there has been a common “arrogance in how we conduct incident response” and this allows the adversary to know that the defender has spotted them, and attackers move into “a destructive attack mode” in response. This will involve them tampering with agents, dropping wiper malware and ransomware, and changing time stamps on logs whilst they are in the victim’s environment.
“We must do a better a job of how we react” Kellermann said, adding that there needs to be a “silent alarm” system on when an attacker is spotted in your environment, as we currently “make critically bad assumptions” on how to manage threat hunting and when reacting. “As we know, we are in a brave new world, and the greatest cybercrime crews are protected by regimes, and with a dramatic spike in social unrest, businesses have been forced to use digital transformation to exist in the pandemic,” he said. This means being less visible in the response and hunting efforts.
This has born the concept of “island hopping,” where an attacker infiltrates an organization’s network to launch attacks on other businesses along the supply chain. This is the concept of an attacker doing a series of compromises along a supply chain, hitting mu ..
Support the originator by clicking the read the rest link below.
