New CrowdStrike Report: More Cyber Criminals Adopting “Brazen” Nation-State Style Tactics
The first half of 2019 continued to be a busy one for cybersecurity teams and their organizations. But the nature of the adversary is changing.
New insight from DLT partner, CrowdStrike, finds that attackers are “continuing to ramp up in both their brazen behavior and sophisticated means.”
The mid-year 2019 CrowdStrike Falcon OverWatch Report, which comprises threat data from the company’s industry-leading managed threat hunting team, details several accounts of the sophisticated intrusions the team has encountered this year to date.
The Falcon OverWatch™ team analyzes an incredible two trillion endpoint events collected each week as well as the tradecraft behind more than 120 adversary groups. Using this data, the team can help customers see and stop the most sophisticated breaches.
During this activity, OverWatch has seen an uptick in stealthy tactics by both eCrime and nation-state actors to maintain a strong foothold on networks.
The Rise of Targeted Intrusions by eCrime Adversaries
To date, eCrime actors have accounted for the majority of detected intrusions in 2019 – more than double the proportion observed in 2018.
The OverWatch team attributes this increase to a continuously evolving eCrime ecosystem, bolstered by greater access to “TTPs for hire” services, and the pursuit of larger “Big Game Hunting” payoffs. Targets for these attacks include law enforcement, academic institutions, oil and gas, aviation, and other government organizations.
However, the frequency of these campaigns targeting CrowdStrike customers doesn’t indicate that state-sponsored activity has decreased. Rather, “it reflects a continued escalation of eCrime activities…as the ecosystem evolves and adversaries escalate their activities in pursuit of more and larger payouts,” says CrowdStrike.
China Remains Prolific
No surprises here. Chinese nation-state adversaries were the most active of all nation-state actors in the first half of 2019. No sector is immune either. CrowdStrike has observed Chinese threat actors targeting industries as broad as chemical, gaming, healthcare, hospitality, manufacturing, technology and telecom.
Insights that Can Inform Your Security Strategy
The report also includes information on key trends in adversary activity and offers recommendations for defending against the prevalent tools, techniques and procedures (TTPs) attackers are using. CrowdStrike also stresses the “…imperative that organizations looking to increase their security hygiene deploy threat hunting teams to rapidly detect, investigate and remediate intrusions.”
Inside the report you will find:
• The complex and interesting state-sponsored and targeted eCrime intrusions the team has analyzed, including stories from the telecommunications, aviation and chemical industries
• The adversary motives behind the attacks and the most prevalent techniques adversaries are using to achieve their objectives
• Top ten lists: the legitimate and pen-testing tools, as well as the implants, that were most prominent in state-sponsored and targeted eCrime attacks