Cyber attacks aimed at destroying or manipulating data have become more frequent during the Covid-19 pandemic, with organisations now experiencing such attacks more than 50% of the time, according to VMware’s seventh annual Global incident response threat report.
Cyber criminals are launching these attacks – known as destructive or integrity attacks – by using emerging techniques that enable them to “distort digital reality”, says the report.
These include, for example, the manipulation of time stamps through Chronos attacks, or the deployment of deepfake content in business communications compromise (BCC) or business email compromise (BEC) operations, in which attackers gain access to communication application or email accounts to impersonate their owners.
“Business communication platforms are the perfect delivery mechanism for deepfakes, because organisations and users implicitly trust them and they operate throughout a given environment,” said Rick McElroy, principal cyber security strategist at VMware.
“At the same time, crypto-mining technology, which draws on computing power from across a network, can easily be repurposed by cyber criminals to generate malicious deepfakes. These deepfakes can be hard to detect, and executives should have an out-of-bounds communications channel to verify the integrity of a message before they trust it.”
McElroy added that, by manipulating time stamps, attackers can “disrupt entire network operations by changing the times of routers and switches, they can interrupt a defender trying to threat hunt, they can even take advantage of microtransactions before a stock dips and potentially alter the value of capital or trades”.
In its latest Modern bank heists report, VMware noted that 41% of financial institutions had observed the manipulation of time stamps, while 60% of the cyber security professionals surveyed for the threat report said they had also observed such attacks.
The report, which is based on a survey of 123 cyber security professionals, said targeted victims now experience integrity and destructive attacks 51% of the time, while nearly one-third saw such attacks more than 80% of the time.
VMware attributed the uptick in integrity and destructive attacks to an increase in the use of cloud technologies and a shift to remote working environments during the pandemic.
For example, 43% of respondents said more than one-third of attacks were targeted at cloud workloads, and 22% said more than half were.
The shift to remote working and greater use of cloud has also led to an increase in attackers using the cloud to “island hop” along the victim’s supply chain, which means an organisation’s infrastructure is hijacked to target the intended victim. The report said 49% of all reported attacks targeted the victim this way.
“If 2020 was the year of island hopping, where cyber criminals infiltrate large company networks by targeting third parties with lower levels of protection, then we should expect cloud-jacking through public clouds to go mainstream in 2021, particularly with the mass migrations to public clouds to support distributed workforces,” said Tom Kellermann, head of cyber security strategy at VMware.
As well as broadening the attack surface, the pandemic has also provided the time, capital and opportunity for cyber crime to industrialise, he added.
“These groups are collaborating on the dark web to form pseudo-legitimate businesses that sell network access points and RaaS [ransomware-as-a-service], and create affiliate programs to reward partners for assisting in malware delivery,” said Kellermann.
“The activity of these groups heightens the need for proactive threat hunting and continuous monitoring to limit exposure and mitigate vulnerabilities.”
In its 2021 Mid-year security report, Check Point noted that there had been a 93% surge in ransomware attacks during the first half of this year, compared with last year.
It said this had largely been fuelled by a rise in “triple extortion” operations, whereby attackers, as well as stealing sensitive data from organisations and threatening to release it publicly unless a payment is made, also target the organisation’s customers, vendors or business partners in the same way.
Meanwhile, the broadening of the attack surface that cyber security and incident response professionals are having to manage has seen a high proportion of them experience extreme stress or burnout.
The report noted that of the 51% of respondents who had experienced extreme stress or burnout during the past 12 months, 65% said they had considered leaving their job because of it, while 67% had had to take time off work.
“Burnout is a huge issue with incident response teams, who are handling a spike in engagements in what is still a largely remote environment,” said McElroy. He added that it is more important than ever for leaders to take proactive measures to ensure teams are not only productive, but more able to withstand the stresses of the job.
“Those measures could run the gamut, from one-on-ones to hear team members out, to encouraging them to take leadership and professional development courses, to adopting non-standard activities such as walking meetings and mindfulness training,” he said.
“On the technical side, give your team the time to operationalise a piece of technology before implementing a new one, offer real breaks, and consider rotations of work that assure individuals that their careers are progressing.”