SolarWinds Unlikely to Be an Isolated Event as Attackers Become More Sophisticated
Cyber-attacks have become increasingly sophisticated in the past year, with the SolarWinds incident unlikely to be an isolated event going forward, according to VMware Security Business Unit’s 2021 Global Cybersecurity Outlook report.
The researchers noted that, in addition to widening the attack surface, the shift to digital following the COVID-19 pandemic has allowed malicious actors the time, capital and opportunity to industrialize, leading to advancements in their operations.
Nearly 40% of the 180 IR, cybersecurity and IT professionals surveyed for the study stated that double-extortion ransomware was the most observed new ransomware technique in 2020. More generally, ransomware was a prominent attack method, with 66% of those polled revealing they had been targeted in this way last year.
There also appears to be a growing number of cyber-villains undertaking counter incident response (IR), with 63% of respondents saying they saw this occur in 2020. Security tooling disablement (33%) was the most common counter IR technique witnessed, followed by DDoS attacks (26%), security tool bypass (15%) and destruction of logs (11%).
Additionally, the report noted a rise in “island hopping,” in which attackers jump from one network to another along a supply chain, as occurred in the SolarWinds attack. Close to half (44%) of those surveyed observed island hopping taking place in over 25% of all IR engagements, while 13% said it occurred in more than 50% of engagements.
Tom Kellermann, head of cybersecurity strategy, VMware Security Business Unit, commented: “This [SolarWinds] is not an isolated event. With COVID-19 catalyzing digital transformation and a shift to cloud services, these sorts of attacks will only increase in frequency. Organizations have to realize that it’s no longer simply about whether breaches along their supply chains can be leveraged to attack them, but whether they themselves can be used to attack their customers.”
Encouragingly, in response to this more dangerous landscape, organizations appear to be adopting more proactive approaches to security. For instance, 81% said their organization now has a threat hunting program in place.
The respondents’ top security priorities for 2021 included security for trusted third parties/supply chain (24%), remote access security (24%), network and endpoint security (22%), identity and access controls (21%) and hardware/physical device security (9%).
Greg Foss, senior cybersecurity strategist, VMware Security Business Unit, added: “Since 2019, we’ve seen e-crime shift from covert shadow groups into these pseudo-legitimate businesses, replete with customer service channels, clear business sites and increasingly sophisticated attack methods.”