cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Deepfake attacks and cyber extortion, new tools in cyber crime playbook

VMware’s eighth annual Global Incident Response Threat Report has found that emerging threats such as deepfakes and attacks on API are on the rise, along with cyber criminals targeting incident responders themselves.

user iconReporter
Tue, 09 Aug 2022
Deepfake attacks and cyber extortion, new tools in cyber crime playbook
expand image

According to Rick McElroy, principal cyber security strategist at VMware, cyber criminals are now incorporating deepfakes into their attack methods to evade security controls.

"Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13 per cent increase from last year, with email as the top delivery method.

"Cyber criminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns.


"Their new goal is to use deepfake technology to compromise organisations and gain access to their environment," McElroy said.

Over 125 cyber security and incident response professionals from around the world participated in VMware's online survey about trends in the incident response landscape in June 2022.

According to VMware data, the predominance of ransomware attacks, often buttressed by e-crime groups' collaborations on the dark web, has yet to let up, with 57 per cent of respondents having encountered such attacks in the past 12 months, and two-thirds (66 per cent) have encountered affiliate programs and/or partnerships between ransomware groups. Prominent cyber cartels who continue to extort organisations through double extortion techniques, data auctions, and blackmail are behind the significant push over the past few months.

APIs have also been observed as the new endpoint, representing the next frontier for attackers. As workloads and applications proliferate, 23 per cent of attacks now compromise API security. The top types of API attacks include data exposure (encountered by 42 per cent of respondents in the past year), SQL and API injection attacks (37 per cent and 34 per cent, respectively), and distributed denial-of-service attacks (33 per cent).

The data also showed cyber attacks have increased since Russia invaded Ukraine, with 65 per cent of survey participants stating that they have observed the steady uptick.

Cyber professional burnout also remains a critical issue with 47 per cent of incident responders saying they experienced burnout or extreme stress in the past 12 months, down slightly from 51 per cent last year. Out of this group, 69 per cent (versus 65 per cent in 2021) of respondents considered leaving their job as a result. While organisations are working to combat this, more than two-thirds of respondents stated their workplaces have implemented wellness programs to address burnout.

Lateral movement was seen in 25 per cent of all attacks, with cyber criminals leveraging everything from script hosts (49 per cent) and file storage (46 per cent) to PowerShell (45 per cent), business communications platforms (41 per cent), as well as .NET (39 per cent) to rummage around inside networks. An analysis of the telemetry within VMware Contexa, a full-fidelity threat intelligence cloud that's built into VMware security products, discovered that in April and May of 2022 alone, nearly half of intrusions contained a lateral movement event.

In order to defend against the broadening attack surface, Chad Skipper, global security technologist at VMware security teams, explained the need for an adequate level of visibility across workloads, devices, users and networks to detect, protect, and respond to cyber threats.

"When security teams are making decisions based on incomplete and inaccurate data, it inhibits their ability to implement a granular security strategy, while their efforts to detect and stop lateral movement of attacks are stymied due to the limited context of their systems," Skipper said.

Despite the turbulent threat landscape and rising threats detailed in the report, incident responders are fighting back with 87 per cent stating that they are able to disrupt a cyber criminal's activities sometimes (50 per cent) or very often (37 per cent).

To do so, cyber defenders are using new techniques. Three-quarters of respondents (75 per cent) say they are now deploying virtual patching as an emergency mechanism. In every case, the more visibility defenders have across today’s widening attack surface, the better equipped they’ll be to weather the storm.

[Related: NHS systems across UK hit by cyber attack]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.