Carbon Black, a leader in next generation endpoint security delivered via the cloud, has released its 2019 Global Threat Report, the contents of which are based on analysis and insight from the Carbon Black Threat Analysis Unit. Members of the team have researched the current state of cyber attacks across the Carbon Black customer base in conjunction with the company’s incident response partners (who, on average, conduct more than one incident response engagement per day using Carbon Black technology).
The report finds that, while cryptomining, fileless attacks, ransomware and commodity malware are still causing havoc, a new breed of cyber attacks (seemingly fuelled by geopolitical tension) is emerging.
“Modern cyber attacks appear to increasingly be fuelled by geopolitical tension and reveal how clever the attackers have become in evolving to remain undetected, using techniques such as lateral movement, island hopping and counter-incident response to stay invisible,” the report notes. “According to Carbon Black’s threat research, we believe 2019 promises to be a year where endpoint visibility becomes more paramount than ever as attackers continue to evolve and global tensions increase.”
On aggregate, Carbon Black’s customers are seeing approximately one million attempted cyber attacks per day. The Top Five industries targeted by cyber attacks in 2018 were computing/electronics, healthcare, business services, Internet/software and manufacturing.
As 2018 came to a close, the Threat Analysis Unit saw several cyber attacks targeting global Governments that included indicators of compromise attributable to North Korea.
In addition, approximately $1.8 billion of cryptocurrency-related thefts occurred last year. Nearly 60% of attacks now involve lateral movement, while half of incident response engagements now involve instances of counter-incident response. Half of cyber attacks today use the victim primarily for island hopping.
For their part, incident response firms are encountering destructive attacks during 32% of investigations.
The report also includes specific threat intelligence information from the Threat Analysis Unit on some ubiquitous attack methods including the Emotet banking trojan, Monero cryptomining attacks and ransomware that leverages open source tools.