Partnering to Stop Cybercrime: Countering the Cyber Extortionists


This past year, the cyberattack surface has drastically changed, creating opportunities for cybercriminals to exploit. After a year that saw one of the largest and fastest transformations in work patterns, security teams now preside over an ecosystem that is more distributed and heterogeneous than ever before. Digital transformation initiatives advanced rapidly as the cyberattack surface expanded to include living rooms, kitchens, home networks, and personal devices. The remote workforce behaves very differently than the office workforce, accessing the network at unpredictable hours as they balance the demands of work and family. As a result, network traffic has changed beyond recognition. Defenders must adapt monitoring systems and trigger points, or risk leaving an opportunity for threat actors to use atypical patterns to mask infiltration attempts.

Against this rapidly changing backdrop, some things remain the same: one industry that has not been disrupted by COVID-19 is cybercrime. In fact, cybercriminals have capitalized on the expanded attack surface. The frequency of attacks is high, sophistication continues to evolve, and breaches are the inevitable result.

According to Cybersecurity Ventures, cybercrime is expected to cost the world $10.5 trillion annually by 2025. Cybercriminals are collaborating with each other on the dark web to iterate faster and work at scale. The cybersecurity industry should be doing the same to help combat the ever-growing industrialization of cybercrime. To foster better collaboration and cyber ground truth, VMware’s Security Business Unit and Accenture’s Cyber Threat Intelligence group are teaming up to deliver relevant security research into the criminals’ kill chain, exposing the tactics, techniques, and procedures (TTPs) that enable security teams to focus their prevention, detection, and response programs.

Our threat research uses MITRE ATT&CK®, a comprehensive framework for documenting adversary TTPs, to focus on the TTPs relevant to the initial stages of infection that precede a ransomware event. We will also focus on the Time to Ransom (TTR) to help teams create better playbooks and responses when an infection occurs. Focusing on the tools and tactics used prior to a ransomware lockdown will identify detection opportunities that security teams can implement immediately.

Accenture and VMware have found that, although the TTR can be as short as a couple of hours, often the TTR will be at least a couple of days and as long as several months. Ransomware groups use tried-and-true methods to gain initial access to a network, establish a foothold, and get access to the resources desired through moving laterally and harvesting credentials. Each of these activities provides opportunities for detection and remediation before ransomware is deployed. Time is not on our side when it comes to cybercriminals, and we believe this research will prove valuable and relevant to combat the criminals.

About us 

VMware software powers the world’s complex digital infrastructure. The company’s cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough technology innovations to its global impact. For more information, please visit

The mission of VMware’s security business unit is to help keep the world safe from cyberattacks by identifying the latest threats, tactics, and procedures. To deliver the most comprehensive protection possible, VMware continues to enhance our products with the latest detection logic. We have built an automated malware-analysis pipeline to identify the traditional malware artifacts, and we have an advanced-analytics environment to detect the fingerprints left by the attacks that abandon files altogether. 

VMware and Carbon Black are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and other jurisdictions.

Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture helps organizations protect their valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at 

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.

This document makes reference to marks owned by third parties. All such third-party marks are the property of their respective owners. No sponsorship, endorsement or approval of this content by the owners of such marks is intended, expressed or implied. 

Copyright © 2021 Accenture. All rights reserved.