VMware Eyes Threats Evading
May 18, 2021
has long been a domain of innovation but is reaching a point of diminishing
returns. According to Gartner, end-user spending for the information security
and risk management market is estimated to grow at a compound annual growth rate
of 8.7% from 2020 through 2025 to reach $213.7 billion in U.S. dollars(1). At
the same time, Cybersecurity Ventures reports global cybercrime costs are
expected to grow by 15% per year over the next five years, reaching $10.5
trillion USD annually by 2025, up from $3 trillion USD in 2015(2).
VMware believes the answer is not some new security product or feature, or a
different type of analytics. What's needed are structural and architectural
changes to how organizations approach security. VMware Security enables
customers to implement Zero Trust with fewer tools and silos, and scale response
with confidence, speed, and accuracy by joining the critical control points of
users, devices, workloads, and networks and delivering security as a built-in
distributed service. VMware Security enables customers to better detect and
respond to exposures and attacks quickly; remediate known and potential threats
faster; simplify security operations; and make more effective use of resources.
New Threat Landscape Report Highlights Extent of Threats Evading Perimeter
Highlighting the need for a new approach, particularly inside the perimeter, is
a newly released threat landscape report from the VMware Threat Analysis
Unit(3). In "North-by-South-West: See What Evaded Perimeter Defenses," the
findings are clear: despite a cadre of perimeter defenses being deployed,
malicious actors are actively operating in the network. The research presents a
clear picture of how attackers evade perimeter detection, infect systems, and
then attempt to spread laterally across the network to execute their objective.
Key insights include:
The best offense is to evade defense: Evasion of defense systems is the most
encountered MITRE ATT&CK tactic used by malware, followed by execution and
discovery. More than half of the network anomalies detected are unusual
beaconing, followed by connections on suspicious ports and anomalous connections
between two hosts.
When it's commonly used, it's commonly abused: Email continues to be observed as
the most common attack vector to gain initial access, with more than four percent
of all business emails analyzed containing a malicious component. Attackers
appear to be massively scaling up operations via email campaigns weaponizing
ZIP file attachments with malicious content. More than half of all malicious
artifacts analyzed were delivered by a ZIP archive. Finally, more than 75
percent of lateral movement events identified were conducted using Remote
Desktop Protocol (RDP), often using stolen credentials to log in to other hosts
on the network.
In with the new (but not out with the old): The most common bad security practice
being observed is the transmission of clear-text passwords over the network,
which can provide attackers the keys to the kingdom, enabling them to move
laterally and exfiltrate data. Additionally, events associated with crypto
mining activity account for a quarter of all known threats observed, signaling a
new threat vector that is emerging.
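Two of the anomalies the report singles out, periodic beaconing to an outside host and RDP fan-out between internal hosts, are visible in plain connection logs once the perimeter has been passed. The following is an added illustration of that detection logic, not code from VMware or from the report: it runs over a constructed connection log (timestamp, source, destination, destination port) embedded inline, and the thresholds (at least four connections with a coefficient of variation of the inter-arrival gaps of 0.1 or less; three or more distinct internal RDP targets from one source) and the internal address ranges are assumptions chosen for the example, not figures from the report.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed sample log (not from the report): "timestamp src dst dst_port".
# 10.0.0.5 polls 203.0.113.7 every ~5 minutes (beacon-like), 10.0.0.9 reaches
# 198.51.100.2 at irregular gaps (normal browsing), then 10.0.0.5 opens RDP to
# three internal hosts in quick succession.
SAMPLE_LOG = """\
2021-05-18T09:00:00 10.0.0.5 203.0.113.7 443
2021-05-18T09:05:00 10.0.0.5 203.0.113.7 443
2021-05-18T09:10:01 10.0.0.5 203.0.113.7 443
2021-05-18T09:15:00 10.0.0.5 203.0.113.7 443
2021-05-18T09:20:00 10.0.0.5 203.0.113.7 443
2021-05-18T09:00:30 10.0.0.9 198.51.100.2 443
2021-05-18T09:17:45 10.0.0.9 198.51.100.2 443
2021-05-18T09:41:10 10.0.0.9 198.51.100.2 443
2021-05-18T10:03:00 10.0.0.9 198.51.100.2 443
2021-05-18T10:05:00 10.0.0.5 10.0.0.21 3389
2021-05-18T10:06:00 10.0.0.5 10.0.0.22 3389
2021-05-18T10:07:00 10.0.0.5 10.0.0.23 3389
2021-05-18T10:08:00 10.0.0.9 10.0.0.21 3389
"""

# Assumed internal address space for this example; a real deployment would
# load the organisation's own ranges from configuration.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


def parse_log(text):
    """Parse one event per line into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "port": int(port)})
    return sorted(events, key=lambda e: e["ts"])


def is_internal(ip):
    """True if the address falls inside one of the configured internal nets."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_beaconing(events, min_hits=4, max_cv=0.1):
    """Flag (src, dst, port) flows whose connection gaps are near-constant.

    A low coefficient of variation (stdev / mean of the inter-arrival gaps)
    means the host is calling home on a timer rather than on user activity.
    """
    by_flow = defaultdict(list)
    for e in events:
        by_flow[(e["src"], e["dst"], e["port"])].append(e["ts"])
    flagged = []
    for flow, times in by_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append(flow)
    return sorted(flagged)


def detect_rdp_fanout(events, min_targets=3, rdp_port=3389):
    """Flag internal sources that open RDP to several distinct internal hosts.

    Returns sorted (src, distinct_target_count) pairs; one workstation reaching
    many peers over RDP is the lateral-movement pattern the report describes.
    """
    targets = defaultdict(set)
    for e in events:
        if (e["port"] == rdp_port and is_internal(e["src"])
                and is_internal(e["dst"])):
            targets[e["src"]].add(e["dst"])
    return sorted((src, len(hosts)) for src, hosts in targets.items()
                  if len(hosts) >= min_targets)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, dst, port in detect_beaconing(evs):
        print(f"beaconing: {src} -> {dst}:{port}")
    for src, n in detect_rdp_fanout(evs):
        print(f"RDP fan-out: {src} reached {n} internal hosts")
```

On the sample log only the five-minute flow from 10.0.0.5 is reported as beaconing; 10.0.0.9 has enough connections to the same host but its gaps vary too much. The RDP check reports 10.0.0.5 alone, since 10.0.0.9 touched a single host. Both detectors work on flow metadata only, so they apply equally to hosts whose traffic the perimeter never inspected.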