Report warns of deepfake attacks and cyber extortion
Multi-cloud services provider VMware has released its eighth annual Global Incident Response Threat Report. The report provides deep insight into the challenges security teams face in times of pandemics, burnout and geopolitically motivated cyberattacks. Sixty-five percent of security professionals say cyberattacks have increased since Russia's invasion of Ukraine, the report finds. The report also sheds light on new threats such as deepfakes, attacks on APIs and cybercriminals targeting incident responders.
Bypassing security controls with deepfakes
"Cybercriminals are now incorporating deepfakes into their attack methods to bypass security controls," said Gerd Pflüger, Systems Engineer for Network and Security Virtualization at VMware. "Two-thirds of respondents to our report experienced malicious deepfakes being used as part of an attack. This represents a 13 percent increase over last year, with email being the most common delivery method. Cybercriminals are no longer just using synthetic video and audio data for influence or disinformation campaigns. Their new goal is to use deepfake technology to compromise organizations and gain access to their environment."
Stress as a problem for security teams
In addition to the new risks, the report also points to other issues facing enterprise security teams:
- Burnout among cyber professionals remains a critical problem. Forty-seven percent of incident responders said they had suffered from burnout or extreme stress in the past 12 months, only a slight decrease from last year's 51 percent. Of this group, 69 percent (down from 65 percent in 2021) of respondents have considered leaving their job because of it. However, companies are working to counteract this: more than two-thirds of respondents said their workplaces have implemented wellness programs to combat burnout.
- Ransomware actors rely on cyber extortion strategies. The prevalence of ransomware attacks, often supported by the collaboration of cybercrime groups on the dark web, remains unchallenged. Fifty-seven percent of respondents have faced such attacks in the past 12 months. And two out of three respondents have encountered affiliate programs and/or partnerships between ransomware groups, as prominent cyber cartels continue to harm businesses through double extortion techniques, data auctions and extortion.
- APIs are the new endpoint and represent the next frontier for attackers. As workloads and applications proliferate, 23 percent of attacks are directed at API security. The top types of API attacks include data spying (42 percent of respondents in the past year), SQL and API injection attacks (37 percent and 34 percent, respectively), and distributed denial of service attacks (33 percent).
- Lateral movement is the new battlefield. It was seen in 25 percent of all attacks, with cybercriminals using everything from script hosts (49 percent) and file stores (46 percent) to PowerShell (45 percent), business communications platforms (41 percent) and .NET (39 percent) to probe networks. An analysis of telemetry in VMware Contexa, a full-fidelity threat intelligence cloud integrated with VMware security products, found that in April and May 2022 alone, nearly half of the incursions contained a lateral movement event.
Successes in the fight against cybercrime
Despite the increasing threats detailed in the report, incident responders are demonstrating success, with 87 percent saying they are able to disrupt cybercriminals' activities sometimes (50 percent) or very often (37 percent). They are also using new techniques to do so. Three-quarters of respondents (75 percent) say they now use virtual patching as a contingency mechanism. In any case, the more visibility defenders have into the ever-growing attack surface, the better equipped they are to weather the storm.
Source: VMware
This article originally appeared on m-q.ch - https://www.m-q.ch/de/bericht-warnt-vor-deepfake-angriffen-und-cyber-erpressung/