
Carbon Black releases 2019 global threat report

28 Jan 2019

Endpoint security solutions provider Carbon Black has released its 2019 Global Threat Report: The Year of the Next-Gen Cyberattack. The report is based on analysis and insight from the Carbon Black Threat Analysis Unit (TAU), who researched the current state of cyber attacks across the Carbon Black customer base and in conjunction with the company’s incident response (IR) partners, who conduct, on average, more than one incident response engagement per day using Carbon Black technology. 

Billions of personal records were stolen in 2018, unearthed in breaches that successfully targeted household names in government, technology, healthcare, travel and hospitality.

Compounding the problem has been increased geopolitical tension between western democracies and countries like Russia, China and North Korea.

To better understand the current attack landscape as we head into 2019, the Carbon Black Threat Analysis Unit (TAU) researched the current state of cyber attacks across the Carbon Black customer base and in conjunction with its incident response (IR) partners. The report found that while cryptomining, fileless attacks, ransomware and commodity malware are still causing havoc, a new breed of cyber attacks (seemingly fuelled by geopolitical tension) is emerging. “Modern cyber attacks appear to increasingly be fuelled by geopolitical tension and reveal how clever attackers have become in evolving to remain undetected — using techniques such as lateral movement, island hopping and counter incident response to stay invisible,” the report notes. “According to Carbon Black’s threat research, we believe 2019 promises to be a year where endpoint visibility becomes more paramount than ever as attackers continue to evolve and global tensions increase.”

Key findings from the report include:

  • Carbon Black customers, in aggregate, are seeing approximately 1 million attempted cyber attacks per day  
  • The top five industries targeted by cyber attacks in 2018, according to Carbon Black’s global threat data, were: Computers/Electronics, Healthcare, Business Services, Internet/Software, and Manufacturing  
  • As 2018 came to a close, Carbon Black saw several cyber attacks targeting global governments that included indicators of compromise attributable to North Korea  
  • Approximately $1.8 billion of cryptocurrency-related thefts occurred in 2018  
  • Nearly 60% of attacks now involve lateral movement. Cybercriminals are continuing to hide in plain sight and move laterally leveraging non-malware / fileless attack methods. PowerShell, Windows Management Instrumentation (WMI) and Secure File Transfer Protocol (SSH) were the top three legitimate applications attackers were leveraging in 2018, according to data gathered from Carbon Black’s IR partners.  
  • Half of incident response engagements now involve instances of counter incident response, another concerning sign that attackers have become increasingly sophisticated and are initiating longer-term campaigns — as well as a clear signal that incident response must get stealthier.  
  • Half of cyber attacks today use the victim primarily for island hopping – a term for the practice of infiltrating businesses that supply services to a target organisation  
  • IR firms are encountering destructive attacks during 32% of investigations

The report also includes specific threat intelligence information from CB TAU on some ubiquitous attack methods including: the Emotet banking trojan, Monero cryptomining attacks and ransomware that leverages open-source tools.
