A report from VMWare states that cyber attacks have increased since Russia invaded Ukraine, and warns of emerging threats such as those involving deep fakes to evade security controls.

VMware has released its eighth annual Global Incident Response Threat Report, which is based on a survey of industry professionals and purports to provide a snapshot of what security teams are up against amid pandemic disruptions, burnout, and geopolitically motivated cyber attacks.

65% of respondents said that cyber attacks have increased since Russia invaded Ukraine, a trend which is somewhat corroborated by plenty of other security reports released this year. It also highlights emerging threats such as deep fakes, attacks on APIs, and cybercriminals targeting IT workers themselves as they respond to incidents.

“Cybercriminals are now incorporating deep fakes into their attack methods to evade security controls,” said Rick McElroy, principal cybersecurity strategist at VMware. “Two out of three respondents in our report saw malicious deep fakes used as part of an attack, a 13% increase from last year, with email as the top delivery method. Cyber criminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal is to use deep fake technology to compromise organizations and gain access to their environment.”

With more attacks happening it’s tough on the frontlines of the cyber crime underworld, the report reveals. 47% of incident responders said they experienced burnout or extreme stress in the past year, and of this group, 69% have considered leaving their job as a result.

57% encountered ransomware attacks in the past year, and 66% encountered affiliate programs and/or partnerships between ransomware groups as ‘prominent cyber cartels’ continue to extort organizations through ‘double extortion techniques, data auctions, and blackmail.’

APIs are apparently a new vector of attack, and apparently 23% of attacks compromised API security. The top types of API attacks include data exposure, SQL and API injection attacks, and distributed Denial-of-Service attacks.

The report described something called ‘lateral movement’ as the ‘new battleground’. Lateral movement was seen in 25% of all attacks, which involves cyber criminals leveraging script hosts, file storage, business communications platforms and other entry point to roam around inside networks. The report says in April and May of 2022, nearly half of intrusions contained a lateral movement event.

Chad Skipper, global security technologist at VMware added: “In order to defend against the broadening attack surface, security teams need an adequate level of visibility across workloads, devices, users and networks to detect, protect, and respond to cyber threats. When security teams are making decisions based on incomplete and inaccurate data, it inhibits their ability to implement a granular security strategy, while their efforts to detect and stop lateral movement of attacks are stymied due to the limited context of their systems.”

An uptick in cyber attacks of various types since the start of the Russian invasion of Ukraine has been noticed by many firms in the sector who put out these sorts of reports – and its also an issue that’s caught the attention of the upper echelons of the US and UK government, with various agencies and political bodies having put out warnings in the last few months.

Get the latest news straight to your inbox. Register for the Telecoms.com newsletter here.