sb-eu logo
Story image

90% of cyber attackers using defence evasion tactics - report

A massive majority of cyber attackers are making sure they are covering their tracks, presenting ever more problems for IT security teams.

A report released today by VMware Carbon Black has revealed that defence evasion behaviour was surveyed in more than 90% of cases in the study. 

The report also offered a holistic view of the evolution of cyber attacks, and what defenders are doing to keep pace.

The report uncovers the top attack tactics, techniques, and procedures (TTPs) seen over the last year and provides specific guidance on ransomware, commodity malware, wipers, access mining and destructive attacks. 
 

Key findings from the report

Attacker behaviour continues to become more evasive

This is a clear sign that attackers are increasingly attempting to circumvent legacy security solutions. 

Defence evasion behaviour was seen in more than 90% of the 2,000 attack samples analysed. 

Defence evasion behaviours also continue to play a key role with ransomware (95% of analysed samples). 

These ransomware attacks are heavily targeting organisations in energy, government and manufacturing sectors.
 

Wiper attacks on the rise

Wipers (attacks that can overwrite data and clear hard drives) continue to trend upward as adversaries (including Iran) began to realise the utility of purely destructive attacks.
 

Tension between IT and security teams

IT and security teams appear to be aligned on goals (preventing breaches, efficiency, incident resolution) but 77.4% of survey respondents said IT and security currently have a negative relationship, according to a Forrester Consulting study.
 

Collaboration is key

According to the VMware Carbon Black study, 55% of survey respondents said driving collaboration across IT and security teams should be the organisation’s top priority over the next 12 months.

More than 50% of survey respondents said that both security and IT will share responsibility for key areas like endpoint security, security architecture and identity/access management over the next three to five years, according to the study.

“Defenders must stop thinking about how to achieve results on their own,” says researcher Rick McElroy.

“Defenders must continue to build bridges with IT teams. The time for cooperation is now. We can no longer afford to go at this problem alone. 

“We need IT teams to look toward security solutions that are built-in and not bolted on. It’s time for security to become part of our organisational DNA," says McElroy.

“It’s time security becomes intrinsic to how we build, deploy and maintain technology.”