China, Russia and North Korea behind espionage-focused cyberattacks
Cyberattacks come in many forms and from many sources, but a new report from endpoint security company Carbon Black reveals an increasing number originate from nation states with espionage as their goal.
The findings show that 81 percent of incident response (IR) professionals say the majority of attacks come from Russia, while 76 percent say the majority come from China. These foreign actors are seeking more than just financial gain or theft -- 35 percent of IR professionals say the attackers' end goal is espionage.
According to 78 percent of respondents, the financial industry is attacked most often; 73 percent name healthcare organizations and 43 percent name government. Nearly 60 percent of attacks now involve lateral movement, which means attackers aren't just going after one component of an organization. They're getting in, moving around and seeking more targets as they go.
How this lateral movement is achieved is interesting. 100 percent of respondents say they've seen PowerShell used for attempted lateral movement, while 84 percent have seen WMI (Windows Management Instrumentation) used for this purpose. This is evidence of attackers 'living off the land' and using tools already on the system rather than installing their own, making detection harder.
In addition, 46 percent say they've experienced instances of counter incident response, another concerning sign that attackers have become more sophisticated and are initiating longer-term campaigns.
"If this report reveals anything, it’s that business leaders can no longer get by thinking an attack won’t happen to them," says Tom Kellermann chief cybersecurity officer at Carbon Black, writing on the company's blog. "Attacks that were once reserved for sophisticated campaigns have become an everyday reality. This evolution coincides with mounting geopolitical tensions. Nation-states such as Russia, China, Iran and North Korea are actively operationalizing and supporting technologically advanced cyber militias."
You can find out more and download the full report on the Carbon Black blog.