CrowdStrike detail rise of state-sponsored attacks in new global threat report
FYI, this story is more than a year old
Endpoint protection company CrowdStrike has released its 2018 Global Threat Report, providing their detailed account of the current attack surface while particularly noting the rise of state-sponsored cyber attacks.
These state-sponsored attacks include what the organisation refers to as the ‘trickle-down effect’, where technologies developed by government ends up being re-proliferated or weaponised, leading to more headaches for end users and organisations.
CrowdStrike VP of technology strategy Michael Sentonas told a media panel that this is part of a shift in how threat actors are operating.
“We’re starting to see interesting changes in the way adversaries are working which makes it very hard for the average end-user,” he said.
“Adversaries are starting to leverage tactics and share them with each other. Attacks that you would see used traditionally by a nation-state, are now being used by a hacktivist or e-crime actor.
“For instance, we’re starting to see a lot of ransomware that is linked back to nation-states, or ransomware that was developed by nation states that have been repurposed.”
Sentonas also mentioned that one of the best examples of this is the WannaCry attack.
“The best example of the trickle-down effect in terms of cyber attacks is WannaCry. We all know essentially where WannaCry has come from, and that capability was reused multiple times on separate occasions throughout the year,” Sentonas continued.
In addition to detailing key trends driving adversary targeting and a dive into the key factors shaping the targeted intrusion campaigns of notable nation-state adversaries, including China, Russia, Iran and North Korea, the report brings to light other metrics defining the state of cybersecurity today across industries.
For example, Malware - while still a huge concern for organisations - is not as prevalent and overarching as some may think, as many attacks didn’t use Malware at all.
According to CrowdStrike, In 2017, 39% of all attacks constituted malware-free intrusions that were not detected by traditional antivirus, with the manufacturing, professional services and pharmaceutical industries facing the most malware-free attacks. Other notable highlights of report include;
- CrowdStrike Threat Graph data indicates that it takes an intruder an average of one hour and 58 minutes to begin moving laterally to other systems in the network.
- The propagation of advanced exploits has blurred the lines between statecraft and tradecraft, evolving the threat landscape beyond conventional security measures.
- Extortion and weaponization of data have become mainstream among cyber criminals, heavily impacting government and healthcare, among other sectors.
- Nation-state-linked attacks and targeted ransomware are on the rise and could be used for geopolitical, and even militaristic exploitation purposes.
- Supply chain compromises and crypto fraud and mining will present new attack vectors for both state-sponsored and eCrime actors.
CrowdStrike vice president of intelligence Adam Meyers says, “Today, the lines between nation-states and eCrime actors are increasingly blurring, elevating the sophistication of threats to a new level. Actionable threat intelligence and real-time threat data are crucial in empowering better security and executive decisions.
“With the Global Threat Report, public and private sector organizations can be better informed about the employed tactics, techniques, and procedures (TTPs) and properly allocate the defenses and resources necessary to protect assets that are most at risk.”
The global threat report leverages three main resources to analyses threat data including the CrowdStrike Falcon Intelligence platform, CrowdStrike’s managed hunting team (known as Falcon OverWatch) and the CrowdStrike Threat Graph, which is the company’s cloud-based graph database technology, processing over 90 billion events a day across 176 countries.