Global Incident Response Threat Report

Executive summary – Incident Response

“Criminals never let a good crisis go to waste,” observes Greg Foss, senior cybersecurity strategist at VMware Carbon Black.

This certainly holds true amid the COVID-19 pandemic. In April 2020, the FBI and Secret Service reported a wave of COVID-19- related cybercrimes and threats as criminals capitalized on widespread anxiety, confusion and reliance on digital technology and online networks.

As November approaches, the cybersecurity challenges of the pandemic are colliding with the 2020 U.S. presidential election. According to the Cybersecurity and Infrastructure Security Agency (CISA), the “threat landscape is constantly evolving, and dedicated, malicious actors with virtually unlimited resources will always be able to penetrate some aspect of American networks” ahead of the election. Cybersecurity has already begun to take on new urgency as government entities used by election officials or with relevant voter data are hit with ransomware attacks.

This concurs with findings in our sixth Global Incident Response Threat Report, wherein nearly half (49 percent) of cybersecurity professionals named government as the industry most targeted by attacks; media and entertainment, which can also be leveraged for election-related hacks, was named by 42 percent of respondents. These percentages are roughly double the findings in our August report.

Even more troubling, however, is that today’s cyberattacks—pandemic-related, election-related or otherwise—have grown increasingly sophisticated and destructive. In our latest survey, respondents reported that 82 percent of attacks now involve instances of counter incident response (IR), and 55 percent involve island hopping, where an attacker infiltrates an organization’s network to launch attacks on others along its supply chain. This represents a significant surge since our August report, where only 33 percent of attacks involved counter.

For Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black, the recent findings suggest a significant renaissance in cybercrime, which he believes is leading to a new era of agile organization and sophistication.

“The disruption caused by COVID-19 has created a massive opportunity for criminals to restructure their businesses,” he says. “Traditional criminals are flocking online in a newly shifted digitalfirst world, fueling the expansion of cybercriminal cartels.”

These forces, combined with the scale of the dark web (the World Economic Forum predicts it will become the third largest economy by 2021),5 now pose new security challenges for IR and cybersecurity professionals responsible for detecting and stopping emerging attacks.

In what follows, we’ll paint a picture of this evolving threat landscape by discussing the impact of COVID-19 and the U.S. presidential election and providing some best practices for IR teams and security teams looking to fight back. The survey findings—drawing on responses from 83 cybersecurity professionals—build on previous iterations of the Global Incident Response Threat Report, of which this is the sixth.