Global Incident Response Threat Report

August 3, 2021

Manipulating reality: The rise of business communication compromise, time-stamp manipulation, and cloud-jacking empowers adversaries to execute integrity attacks

Key findings

Attacks are becoming more destructive and targeted through advanced techniques.

Respondents indicate that targeted victims now experience integrity and destructive attacks more than 50 percent of the time. Cybercriminals are achieving this through emerging techniques, such as the manipulation of time stamps, or Chronos attacks, which nearly 60 percent of respondents have observed.

With cloud-jacking on the rise, cloud security remains a top priority.

Following the rush to cloud technology amid the pandemic, cybercriminals have continued to exploit these environments to deliver integrity and destructive attacks. Nearly half (43 percent) of respondents said more than one-third of attacks were targeted at cloud workloads, with almost one-quarter (22 percent) saying more than half were. Increasingly, attackers are using the cloud to island hop along the victim’s supply chain: 49 percent of all attacks targeted the victim via island hopping. By comparison, 53 percent of all attacks our respondents witnessed targeted the victim directly.

BCC is fast becoming the new business email compromise (BEC).

Catalyzed by the shift to a remote-work environment during COVID-19, adversaries are increasingly leveraging business communication platforms (e.g., Microsoft Teams, Skype, Slack, Google Chat) to move around a given environment and launch sophisticated attacks. When asked which dual-purpose tools are facilitating lateral movement (or living off the land), 32 percent of respondents chose such platforms, trailing only PowerShell and Microsoft’s .NET.

The nexus between nation-states and e-crime continues to heighten the threat landscape and exploit vulnerabilities.

Among those who encountered ransomware attacks in the past year, 64 percent witnessed affiliate programs and/or partnerships between ransomware groups—groups harbored by nation-states such as Russia. The unprecedented collaboration of cybercriminals is being used to exploit vulnerabilities more effectively than ever before (e.g., zero-day attacks), often through the use of custom malware, which was observed by respondents in more than half (52 percent) of attempted attacks.

Half (51 percent) of defenders experienced symptoms of extreme stress or burnout, with 65 percent of respondents saying they’ve considered leaving their job because of it. Defenders are also looking for new ways to fight back: 81 percent said they are willing to leverage active defense in the next 12 months.

About the Provider

VMware
VMware software powers the world’s complex digital infrastructure. The company’s cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough technology innovations to its global impact.

TOPICS

Cyberattacks, Cybercrime, Incident Response, Threat Landscape