VMware shares its cybersecurity outlook data for 2021

2020 was undoubtedly a defining year for cybersecurity. The pandemic did more than broaden the attack surface: it provided the time, capital, and opportunity for cybercrime to industrialise. According to VMware’s 2021 Global Cybersecurity Outlook data, ransomware attacks are getting increasingly sophisticated. In the survey of IR, cybersecurity, and IT professionals (including CTOs, CIOs and CISOs) from around the world, nearly 40% of respondents said double-extortion ransomware was the most observed new ransomware attack technique in 2020. The survey found attackers are leveraging a number of counter-IR techniques, including security tool disablement (33%), denial-of-service attacks, security tool bypass and destruction of logs.
Greg Foss, Senior Cybersecurity Strategist, VMware Security Business Unit, says: “Since 2019, we’ve seen e-crime shift from covert shadow groups into these pseudo-legitimate businesses, replete with customer service channels, clear business sites and increasingly sophisticated attack methods.” Greg’s colleague, Rick McElroy, Principal Cybersecurity Strategist at VMware Security Business Unit, adds: “Cybersecurity is adapting to changing conditions. The old school mentality is gone. Security teams realise they must change their architectures, adopt a cloud-first mindset, and work together to meet today’s challenges. The path they’re charting is a good one.”
Security teams now know it's not a matter of if they'll get attacked, but when, and have adopted a proactive mindset. Eighty-one per cent of organisations surveyed reported having a threat hunting programme in place. With new attack methods on the rise, they have been forced to shift their mindset and rethink their approach to security across applications, clouds, and devices. “Organisations recognise security tools won’t tell them everything,” Greg explains. “You need human beings to manually go through the information being collected to proactively look for clues and anomalies.”
The past year has served as a security wake-up call for organisations in both the public and private sectors. As the threat landscape evolves, Greg and his team believe there are four best practices for CISOs and security teams looking to fight back in 2021.
Workload Security
To defend against cloud jacking, organisations using private and public clouds need to focus on protection not only at the endpoint level but across workloads, according to VMware. Cloud workload security is particularly complex, as workloads pass through multiple vendors and hosts, so the responsibility for protecting them must be shared and prioritised. With the proliferation of apps and data, organisations must ensure they are protecting them wherever they are. “As we navigate a cloud-first world, security for the cloud that extends across workloads and Kubernetes protection will be critical for all organisations,” says Greg.
“We’re seeing an increase in malicious actors targeting workloads because it is harder for organisations to monitor them,” he adds. Workloads are being hit by adware and cryptominers: adversaries are focused on profit, and because workloads are temporary services they can be exploited quickly. With this approach, adversaries are able to break out of the sandbox setting within the workload, target the underlying servers, and encrypt the virtual machines held within them. With this in mind, organisations need to look at both the host and the workload to ensure both are protected. With the distributed workforce and the rapid move to the cloud, this type of attack has become more attractive than ever to the adversary.
Identity Management and Continual Authentication
Identity management is key, according to Greg and his team. Security teams today should have the mindset that attacks do not have a discrete beginning or end; rather, adversaries are continually accruing intelligence and harvesting data about the organisation, its suppliers and its customers, which they leverage in attacks or profit from. Greg believes security teams must be able to track identities as they move throughout systems and workloads. This requires visibility into lateral movement beyond PowerShell, as well as the integration of network detection and response and endpoint detection and response capabilities.
Threat Hunting
Greg says we should assume attackers have multiple avenues into our organisation. Given the nature of C2 on a sleep cycle, steganography, and other methods, adversaries can maintain clandestine persistence in our systems. Threat hunting on all devices can help security teams detect behavioural anomalies. Once identified, organisations can then reimage devices, eliminating the bad actor. “Many organisations today are realising that threat hunting is an integral part of any security programme. It’s about understanding that a proactive approach is required alongside the contextual insights. Security teams are combing through massive amounts of data and are able to understand the context behind the attacks and trends they’re seeing in the data. Purple teaming is also becoming a more common approach to test threat hunting capabilities and identify gaps in visibility to prevent future vulnerabilities,” he says.
Maturing Detection
Finally, VMware says organisations should be constantly evaluating the effectiveness of their security posture. Doing so requires the vigilance of system users, the right tools and platforms, and qualified cybersecurity professionals to ensure their infrastructure is resilient and protected from ongoing threats and attacks. “Organisations need to understand how the larger cybercrime ecosystem plays into the attacks that they are most likely to be confronted with,” says Greg. While the focus has long been on “advanced nation-state adversaries,” the reality is that cybercrime groups are just as capable, if not more so in many cases. “These capabilities, combined with financial fallout from the pandemic and an ever-burgeoning cybercrime ecosystem, in which stolen data, exploitation and access as a service and more are traded at an incredible rate, result in a significant likelihood of catastrophic impact,” he concludes.
As CISOs and security leaders navigate the evolving threat landscape in 2021 and beyond, it could be time to rethink security strategies and take the necessary steps to put the power back in the hands of defenders.