In This Incident Response Threat Report


COVID-19 has exacerbated preexisting cyberthreats, from counter incident response and island hopping to lateral movement and destructive attacks. These attacks are ratcheting up existing geopolitical tensions.

Organizations, most of which depend on VPNs and other traditional network security infrastructure, may not be prepared. Stopping today’s increasingly sophisticated cyberattacks, whether they’re COVID-19-related or not, will mean adopting next generation IR strategies.

We hope that in this, the fifth installment of VMware Carbon Black’s semiannual Global Incident Response Threat Report, you’ll find a clearer picture of the evolving threat landscape as well as actionable guidance for today, tomorrow and the challenging months to come.

53% of IR professionals we surveyed encountered or observed an increase in cyberattacks exploiting COVID-19.

Survey Sample:
What are the most daunting endpoint security challenges you have observed relative to the COVID-19 pandemic?


VPNs, which many organizations rely on for protection, have become increasingly vulnerable amid COVID-19, according to more than 60% of respondents. As such, it may be cause for concern that the average update cycle for software patches and security configurations on VPNs tends to occur on a weekly (or less frequent) basis.

As far as other new vulnerabilities go, IR professionals point to the use of IoT technologies, personal devices like iPhones and iPads, and web conferencing applications – all of which are increasingly in professional use as work moves remote and the corporate perimeter breaks down.

For instance, respondents said that 27% of incidents during the 90 days prior to the survey took advantage of IoT-related vulnerabilities.

Like lateral movement, about a third of respondents saw an attack that used island hopping.

Forty percent of attacks that used island hopping spread destructive malware in the process.

Download the Complete Report Now