
CrowdStrike details rise of state-sponsored attacks in new global threat report

27 Feb 2018

Endpoint protection company CrowdStrike has released its 2018 Global Threat Report, providing its detailed account of the current attack surface and noting in particular the rise of state-sponsored cyber attacks.

These state-sponsored attacks include what the organisation refers to as the ‘trickle-down effect’, where technologies developed by governments end up being re-proliferated or weaponised, leading to more headaches for end users and organisations.

CrowdStrike VP of technology strategy Michael Sentonas told a media panel that this is part of a shift in how threat actors are operating.

“We’re starting to see interesting changes in the way adversaries are working which makes it very hard for the average end-user,” he said.

“Adversaries are starting to leverage tactics and share them with each other. Attacks that you would see used traditionally by a nation-state, are now being used by a hacktivist or e-crime actor.

“For instance, we’re starting to see a lot of ransomware that is linked back to nation-states, or ransomware that was developed by nation states that have been repurposed.”

Sentonas also mentioned that one of the best examples of this is the WannaCry attack.

“The best example of the trickle-down effect in terms of cyber attacks is WannaCry. We all know essentially where WannaCry has come from, and that capability was reused multiple times on separate occasions throughout the year,” Sentonas continued.

In addition to detailing key trends driving adversary targeting and a dive into the key factors shaping the targeted intrusion campaigns of notable nation-state adversaries, including China, Russia, Iran and North Korea, the report brings to light other metrics defining the state of cybersecurity today across industries.

For example, malware, while still a huge concern for organisations, is not as prevalent and overarching as some may think, as many attacks didn’t use malware at all.

According to CrowdStrike, in 2017, 39% of all attacks constituted malware-free intrusions that were not detected by traditional antivirus, with the manufacturing, professional services and pharmaceutical industries facing the most malware-free attacks.

Other notable highlights of the report include:

  • CrowdStrike Threat Graph data indicates that it takes an intruder an average of one hour and 58 minutes to begin moving laterally to other systems in the network.
  • The propagation of advanced exploits has blurred the lines between statecraft and tradecraft, evolving the threat landscape beyond conventional security measures.
  • Extortion and weaponization of data have become mainstream among cyber criminals, heavily impacting government and healthcare, among other sectors.
  • Nation-state-linked attacks and targeted ransomware are on the rise and could be used for geopolitical, and even militaristic exploitation purposes.
  • Supply chain compromises and crypto fraud and mining will present new attack vectors for both state-sponsored and eCrime actors.

CrowdStrike vice president of intelligence Adam Meyers says, “Today, the lines between nation-states and eCrime actors are increasingly blurring, elevating the sophistication of threats to a new level. Actionable threat intelligence and real-time threat data are crucial in empowering better security and executive decisions.

“With the Global Threat Report, public and private sector organizations can be better informed about the employed tactics, techniques, and procedures (TTPs) and properly allocate the defenses and resources necessary to protect assets that are most at risk.”

The Global Threat Report leverages three main resources to analyse threat data: the CrowdStrike Falcon Intelligence platform, CrowdStrike’s managed hunting team (known as Falcon OverWatch) and the CrowdStrike Threat Graph, which is the company’s cloud-based graph database technology, processing over 90 billion events a day across 176 countries.
