Content, Content

Carbon Black: 2018 Cybersecurity Recap, 2019 Threat Preview

Credit: Getty Images

While 2018 can be viewed as the year of “next-Gen cyberattacks,” endpoint visibility will become more important than ever as attackers evolve and global frictions heighten, Carbon Black said in its new Global Threat Report.

“Billions of personal records were stolen in 2018, unearthed in breaches that successfully targeted household names in government, technology, healthcare, travel and hospitality. Compounding the problem has been increased geopolitical tension between western democracies and countries like Russia, China and North Korea,” the report said.

To get a clear view of the attack landscape, the security specialist’s Threat Analysis Unit (TAU) researched threats across its customers and incident response (IR) partners.

Here are the top takeaways from the report:

  • Approximately $1.8 billion of cryptocurrency related thefts occurred in 2018.
  • Nearly 60% of attacks now involve lateral movement.
  • Approximately 1 million cyberattacks are attempted per day.
  • 2 cyberattacks targeting Carbon Black protected endpoints are attempted per month.
  • More than 660 cyberattacks against 10K-endpoint enterprises are attempted daily.
  • 1 million cyberattacks daily attempted across Carbon Black customers.
  • About 50% of all cyberattacks in 2018 came from China and Russia.
  • Of 113 investigations Carbon Black’s IR partners conducted in Q3 2018, 47 stemmed from China and Russia.
  • Computer/electronics (33%) led the top 5 industries targeted by commodity malware in 2018, followed by healthcare 24%, business services 11%, software/Internet 6% and manufacturing 5%.
  • The top industries targeted by ransomware in 2018 were manufacturing, business services, retail, government and computers/electronics.
  • PowerShell, Windows management instrumentation and secure file transfer protocol were the top three legitimate applications attackers were leveraging in 2018.
  • 51% of IR professionals see counter incident response during IR engagements

The destruction capabilities of nation-state attacks is not to be underestimated. “As nation-state cyber attackers become more sophisticated and powerful, their attacks become increasingly destructive — our respondents said victims experienced such attacks 32% of the time," Carbon Black said. An IR pro told TAU researchers that they have “seen a lot of destructive actions from Iran and North Korea lately, where they’ve effectively wiped machines they suspect of being forensically analyzed.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.