The use of deepfakes to evade security controls and compromise organizations is on the rise among cybercriminals, with researchers seeing a 13% increase in the use of deepfakes compared with last year.
That’s according to VMware’s eighth annual “Global Incident Response Threat Report,” which says that email is usually the top delivery method.
The study, which surveyed 125 cybersecurity and incident response (IR) professionals from around the world, also reveals an uptick in overall cybersecurity attacks since Russia’s invasion of Ukraine; extortionary ransomware attacks including double extortion techniques, data auctions, and blackmail; and attacks on APIs.
“Attackers view IT as the golden ticket into an organization’s network, but unfortunately, it is just the start of their campaign,” explains Rick McElroy, principal cybersecurity strategist at VMware. “The SolarWinds attack gave threat actors looking to target vendors a step-by-step manual of how to successfully pull off an attack.”
He says that keeping this in mind, IT and security teams need to work hand in hand to ensure all access points are secure to prevent an attack like that from harming their own organization.
McElroy explains what he found eye-opening was the increase in lateral movement witnessed by most respondents — i.e., the process by which attackers pivot from a compromised device to burrowing deeper into the corporate network.
He calls lateral movement “the new battleground,” appearing in a quarter of all attacks, with attackers leveraging everything from script hosts and file storage (e.g., in the cloud) to PowerShell, business communications platforms, .NET, and numerous other dual-purpose tools to rummage around inside networks.
To account for the threat, organizations must consider solutions that provide visibility into all areas of the network, including the cloud, to ensure they can prevent, detect, and respond to attacks leveraging lateral movement.
“While lateral movement has always been a threat, we have seen an increasing percentage of east-west traffic not moving through the network,” McElroy says. “In this situation, most security teams struggle unless their system and organization controls are equipped to see the lateral movement between workloads and containers on the hypervisor.”
Attackers Targeting APIs with Greater Frequency
The report separately shows that API attacks are being seen by nearly a quarter (23%) of the respondents.
The most common types of API attacks include data exposure (experienced by 42% of respondents), SQL attacks (37%), API injection attacks (34%), and distributed denial-of-service (DDoS) attacks, experienced by a third of respondents.
McElroy says that while it can be difficult to determine a definitive number, if one looks broadly at threat reports from the last three years, API attacks are “definitely increasing.”
“Given that APIs underpin technology stacks and ensure things like integrations, automations and orchestrations, the attackers understand the weaknesses in APIs and have been targeting them more frequently as a result,” he says.
Risk of Burnout Still High, but Falling
Nearly half (47%) of survey respondents have experienced “burnout or extreme stress” in the past 12 months; however, this is down slightly from the 51% reported last year.
However, a higher percentage of those who have experienced burnout say they’re more likely to consider leaving their job than those in the same group from the 2021 report.
Although battling something as big as employee burnout may seem daunting, there are practical steps security teams can take to streamline and ease user stress when it comes to security.
The report, for instance, indicates measures such as flexible hours, investment in further education, and days off for well-being were having a positive effect preventing burnout.
McElroy explains that along with smart steps to address employee wellness, dealing with the tsunami of threats is getting a little easier.
“Defenders have also already begun implementing new strategies and methods to stem the tide of incursions,” he says.
The report says that 75% of organizations have employed virtual patching as an emergency mechanism, nearly 90% of respondents now say they are able to disrupt an adversary’s activities, and 74% report that IR engagements are resolved in a day or less.
“These are all signs that reflect the growing maturity of security teams,” McElroy says.