Instead of simply fleeing when discovered, adversaries are actively engaging with incident response teams, a new Carbon Black study finds.
New data gathered from more than three dozen providers of incident response services reveals a disturbing increase in the past quarter of destructive cyberattacks targeting US organizations.
What is not clear is whether the attacks—many of them from countries like China, Russia, and North Korea—are a response to the current geopolitical climate, or demonstrate increasingly punitive attempts by attackers to hide their tracks after being discovered.
Thirty-two percent of the breaches that the 37 incident responders in Carbon Black’s study investigated last quarter involved such attacks, compared to 10% in the second quarter.
Instead of simply fleeing when discovered, many threat actors are actively engaging with incident responders and deploying countermeasures of their own. In 51% of the incidents that IR providers investigated last quarter, adversaries attempted to erase antivirus and security logs and block IR teams from critical forensic data. More than four in ten organizations that experienced a security incident last quarter reported finding a secondary command and control (C2) passageway on their network that was triggered to wake up if the primary C2 was discovered.
Read more: Dark Reading