
Carbon Black releases 2019 global threat report

28 Jan 2019

Endpoint security solutions provider Carbon Black has released its 2019 Global Threat Report: The Year of the Next-Gen Cyberattack. The report is based on analysis and insight from the Carbon Black Threat Analysis Unit (TAU), which researched the current state of cyber attacks across the Carbon Black customer base, in conjunction with the company’s incident response (IR) partners, who conduct, on average, more than one incident response engagement per day using Carbon Black technology.

Billions of personal records were stolen in 2018, unearthed in breaches that successfully targeted household names in government, technology, healthcare, travel and hospitality.

Compounding the problem has been increased geopolitical tension between western democracies and countries like Russia, China and North Korea.

To better understand the current attack landscape as we head into 2019, the Carbon Black Threat Analysis Unit (TAU) researched the current state of cyber attacks across the Carbon Black customer base and in conjunction with its incident response (IR) partners. The report found that while cryptomining, fileless attacks, ransomware and commodity malware are still causing havoc, a new breed of cyber attacks (seemingly fuelled by geopolitical tension) is emerging. “Modern cyber attacks appear to increasingly be fuelled by geopolitical tension and reveal how clever attackers have become in evolving to remain undetected — using techniques such as lateral movement, island hopping and counter incident response to stay invisible,” the report notes. “According to Carbon Black’s threat research, we believe 2019 promises to be a year where endpoint visibility becomes more paramount than ever as attackers continue to evolve and global tensions increase.”

Key findings from the report include:

  • Carbon Black customers, in aggregate, are seeing approximately 1 million attempted cyber attacks per day  
  • The top five industries targeted by cyber attacks in 2018, according to Carbon Black’s global threat data, were: Computers/Electronics, Healthcare, Business Services, Internet/Software, and Manufacturing  
  • As 2018 came to a close, Carbon Black saw several cyber attacks targeting global governments that included indicators of compromise attributable to North Korea  
  • Approximately $1.8 billion of cryptocurrency-related thefts occurred in 2018  
  • Nearly 60% of attacks now involve lateral movement. Cybercriminals are continuing to hide in plain sight and move laterally leveraging non-malware / fileless attack methods. PowerShell, Windows Management Instrumentation (WMI) and Secure File Transfer Protocol (SSH) were the top three legitimate applications attackers were leveraging in 2018, according to data gathered from Carbon Black’s IR partners.  
  • Half of incident response engagements now involve instances of counter incident response, another concerning sign that attackers have become increasingly sophisticated and are initiating longer-term campaigns — as well as a clear signal that incident response must get stealthier.  
  • Half of cyber attacks today use the victim primarily for island hopping – a term for the practice of infiltrating businesses that supply services to a target organisation  
  • IR firms are encountering destructive attacks during 32% of investigations

The report also includes specific threat intelligence information from CB TAU on some ubiquitous attack methods including: the Emotet banking trojan, Monero cryptomining attacks and ransomware that leverages open-source tools.
