New Report: Geopolitical Tension Continues to Spawn Cyberattacks

The axis of evil in cyberspace is alive and well!

by Eric Holdeman / November 21, 2019

Global Incident Response tension is once again, playing out in cyberspace. See the report, One Year Out From the 2020 U.S. Elections, Geopolitical Tension Continues to Spawn Cyberattacks. According to VMware Carbon Black’s latest Global Incident Response Threat Report (GIRTR), top incident response (IR) professionals around the world say ongoing geopolitical tensions involving China, Russia, North Korea and Iran are leading to cyberattacks.“The axis of evil in cyberspace is alive and well,” said Tom Kellermann, VMware Carbon Black’s head cybersecurity strategist.

Main takeaways from the report include: 

  • Russia and China are responsible for the lion’s share of cyberattacks in 2019. When asked which country accounted for the most attacks, IR professionals said Russia (29%) and then China (18%), followed by North America, North Korea, Brazil, and Iran.
  • Financial gain was the motivation for 90% of attacks. This is a sharp increase from 61% in the first half of 2019 and a shift from previous years when intellectual property theft and stealing customer information topped the list. 
  • IR pros said they experienced destructive/integrity attacks in about 41% of attacks. This is a 10% increase from the past two quarters. 
  • The use of island hopping continues to increase. It accounted for 41% of total attacks, up 5% since the first half of 2019 while lateral movement stayed steady at 67%
  • Attackers are getting more creative. Custom malware was used in 41% of attacks, up from 33% in Q1 of 2019. The use of commodity malware has seen a slight decline, from 57% last quarter to 54% this quarter.
  • There’s been a significant increase in the use of outside threat intelligence feeds. The technique was used in 57% of attacks this quarter compared to 14% last quarter.
  • Our democracy is at risk. 59% of U.S. respondents said risk around the election process and security has increased significantly since 2016. Within that same group, 65% said they believe the 2020 presidential election will be influenced by an outside entity.
  • Voter databases are being compromised. Machines from previous elections are readily available from high-reputation vendors on the dark web for less than $100. In total, from a single listing, information on more than 81 million voters is currently available for sale.
Platforms & Programs