Story image

Carbon Black claims there's a link between geopolitics and cyberterrorism

25 Jul 2018

China, North Korea, and Russia are responsible of many of the world’s cyber attacks, and according to Carbon Black those countries are both operationalizing and supporting advanced cyber militias.

Those are some of the findings from the company’s Quarterly Incident Response Threat Report, which points the finger at the link between geopolitical tensions and increasing cyber warfare efforts.

“Geopolitical tensions manifest in cyberspace. There is a direct link between the failures of diplomacy and cyberespionage and cyberterrorism. The cold war adversaries have colonised wide swaths of Western cyberspace. This is compounded by the reality that organised crime syndicates have migrated their criminal conspiracies online,” says Carbon Black’s chief cybersecurity officer, Tom Kellermann.

According to the report, Russia is the origin point for most attacks, but China follows close behind. North America, Iran, North Korea, and Brazil also round out the top six.

Those intrusions are no longer reserved for select targets and they are a threat to all organizations, he continues.

According to the report, 31% of incident response professionals say that the reasons behind cyber attacks are not just financial gain or data theft, but also espionage.

Attackers are also moving laterally throughout systems – 59% of attacks use this tactic, which means they aren’t targeting one part of a system. Instead, they are moving around and seeing more targets as they go.

PowerShell is a popular tool of choice for attackers seeking lateral movement.

Attackers are also getting wise to organisations’ incident response strategies.

The report says that 46% of respondents say they’ve experienced instances of counter incident response.

“The cyber intrusions of today have evolved from burglary to home invasion. Today’s cyber intrusions are more persistent and more destructive.  In fact, the Cb Incident Response Threat Report noted that over 46% of cyber intrusions experiences counter-incident response e.g. The adversary was fighting back to remain in the system.  The same study noted that 10% have experienced destructive attacks,” Kellermann says.

Carbon Black also notes that because criminals can sniff out incident response strategies, those strategies must now evolve to become stealthier.

Finally, 36% of respondents say attackers now use victims for ‘island hopping’.

“In these campaigns, attackers first target an organization’s affiliates, often smaller companies with immature security postures. This means that not only is your data at risk, but so is the data at every point in the supply chain, including customers and partners,” Kellermann concludes.

The Quarterly Incident Response Threat Report quizzed 37 leading incident response organisations, all of which were Carbon Black partners.

IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.