It seems cybercriminals have gained the upper hand. With a shortage of skilled cyber-defenders, how do we turn the tide?

Computer viruses have come a long way since the first one was created in the early 1970s.

Dubbed the Creeper virus, the first-ever computer virus posed a major threat at the time as it revealed vulnerabilities within the network – allowing for certain groups of people to infiltrate networks and steal sensitive data. This gave birth to the world’s first hackers.

Since then, viruses have evolved from simple worms to highly advanced, AI-driven malware capable of destroying data and files on networks, causing disruptions to systems and services today. Lone hackers have combined forces to form syndicates and underground organizations, leveraging new techniques and malware to conduct sophisticated attacks.

Cyber-attackers are becoming more aggressive and ruthless. Cybercriminals have moved from burglaries and break-ins to full-on heists – even putting human lives at risk, as in the case when a Russian cyber-attack on Ukrainian companies cut power to 225,000 civilians.

It seems that these bad actors are gaining the upper hand. 94% of organizations worldwide reported being victims of cyber-attacks in the past 12 months, according to a VMware Carbon Black report.

The threat landscape in Asia Pacific is no better, if not worse.

Cyber-defenders are often left in the dust while attackers wield new techniques such as Counter Incident Response to evade detection within a compromised network. With a dearth of cybersecurity professionals, the regional cybersecurity skills gap is exacerbating the situation.

To turn the tide against this tsunami of cyber-threats, defenders need to understand attacker behavior, and study patterns and trends to improve their security posture.

CybersecAsia had the privilege of getting some regional and global insights from Matt Bennett, Senior Director, Asia Pacific and Japan, VMware Carbon Black:


How does the cyber-threat landscape in Asia Pacific differ from the global picture?
Bennett: The global cyber-threat landscape is escalating rapidly. Our research has found that 90% of security professionals across the globe said that the volume of attacks they faced has increased. Additionally, 94% of organizations worldwide have suffered a data breach as a result of a cyberattack in the past 12 months.

However, global averages do not always tell the full story. When we delve into responses from the different regions, it is clear that some geographies are experiencing a different picture. Within Asia Pacific and Japan, there are great differences in the cyber threat landscape.

In our latest Singapore threat report, respondents reported only a 43% increase in attack volume in the last 12 months from April 2019 to March 2020 – the lowest globally. Attack frequency and sophistication have also decreased, with only 80% of Singapore organizations having suffered a data breach as a result of a cyber-attack in the past year.

However, when we looked at Australia and Japan, the data differed greatly. Australia and Japan broadly aligned with the global picture on attack volumes, with 94% and 92% respectively reporting increases in attacks. For Japan, this is a significant rise, up from 49% in October 2019.

This difference is reflected in attack sophistication, too. Australia and Japan both outstrip the global average of 80% (88% and 94% respectively report increased sophistication), but in Singapore just 67% say attacks have become more advanced.

Although Singapore has witnessed lower figures than the global average, we might expect it to be even lower when viewed in the context of the less intense threat environment with fewer attacks and lesser sophistication. Clearly a higher proportion of the attacks that are taking place are succeeding. This difference could mean one of two things – either the security technologies employed by Singapore companies to mitigate security threats are working, or that perhaps attackers have become much more targeted with regards to the types of organizations they infiltrate.

In terms of the types of attacks that have caused successful breaches, island hopping is one that has become more prevalent – one in five successful breaches among Japan respondents were caused by island-hopping attacks.

Island hopping is when cybercriminals target less sophisticated organizations in order to attack their larger affiliates. Victim organizations are used to laterally attack trusted partners and customers as cyber criminals use vulnerabilities in the first companies’ defenses as a point of entry to the second. Organizations need to be hyper-aware that attackers are not only after them, but all those along their supply chain as well.

What is Counter Incident Response and why is it becoming common among cyber-attackers? 
Bennett: Attackers are now developing their own incident response strategies and have well-planned roadmaps to achieve their goal, instead of simply moving on to another target. As security teams react to a potential threat, cyber criminals are now reiterating their attack codes in an attempt to evade detection, or even destroy logs of any event that occurred in the network. This is known as counter incident response.

According to the VMware Carbon Black Global IR Threat Report, a third of IR professionals surveyed encountered instances of attempted counter IR in April 2020 – a 10% increase from our previous reports. The forms of counter IR used today are primarily destruction of logs (50%) and diversion (44%). While cyber defenders are getting better at IR, attackers continue to become increasingly sophisticated. However fast businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster.

Are APAC organizations lagging behind in cybersecurity policies and adoption?
Bennett: Our research suggests that while the APAC region has made great strides in improving security strategies, there is still work to be done. This is evidenced by our report, which indicates that 91% of respondents from the APAC region plan to increase security budgets. This is lower than the global average of 96% but still a healthy commitment of funds to tackling cyber risk.

More importantly, as the cyber threat landscape continues to intensify, businesses need to adopt a new approach to security. Security teams must be working in tandem with business leaders to shift the balance of power from attackers to defenders. Collaborating with IT teams will be critical, as businesses will need to work to remove the complexity that is weighing down the current model.

Building security intrinsically into the fabric of the enterprise – across applications, clouds and devices – can help teams significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.

How can businesses in Asia Pacific better protect themselves against cyber-threats?
Bennett: The surge in counter IR, destructive attacks, lateral movement and island hopping makes for a perilous threat landscape. That said, with the right tools, strategies, collaboration and staff, IR teams can handle the threat.

Here are four steps security teams can take to fight back:

  1. Gain better visibility into the system’s endpoints: Gaining visibility into endpoints can empower security teams to be proactive in their IR, rather than merely responding to attacks as they come. This enables teams to hunt for prospective threats before they happen. This is increasingly important in today’s landscape, with more attackers seeking to linger for long periods on a network and endpoints via remote access.
  2. Enable real-time updates, policies and configurations across the network: It is important to enable regular real-time updates to VPNs, audits or fixes to configurations across remote endpoints and other security updates – even when outside the corporate network.
  3. Remember to communicate: Now more than ever, organizations need to prioritize change management and maintain clear lines of communication – about new risk factors such as spear phishing, smart devices, file-sharing applications, and protocols and security resources. Security teams should also conduct regular cyber hygiene checks.
  4. Enhance collaboration between IT and security teams: A culture of collaboration between IT and security teams will improve the overall enterprise security and response to cyber risks. This is especially true under the added stress of the pandemic. Alignment should also help elevate IT personnel to become experts on their own systems, whether it is training them to threat hunt on a Windows box or identify anomalous configurations on certain SaaS applications.