Story image

CrowdStrike detail rise of state-sponsored attacks in new global threat report

27 Feb 2018

Endpoint protection company CrowdStrike has released its 2018 Global Threat Report, providing their detailed account of the current attack surface while particularly noting the rise of state-sponsored cyber attacks.

These state-sponsored attacks include what the organisation refers to as the ‘trickle-down effect’, where technologies developed by government ends up being re-proliferated or weaponised, leading to more headaches for end users and organisations.

CrowdStrike VP of technology strategy Michael Sentonas told a media panel that this is part of a shift in how threat actors are operating.

“We’re starting to see interesting changes in the way adversaries are working which makes it very hard for the average end-user,” he said.

“Adversaries are starting to leverage tactics and share them with each other. Attacks that you would see used traditionally by a nation-state, are now being used by a hacktivist or e-crime actor.

“For instance, we’re starting to see a lot of ransomware that is linked back to nation-states, or ransomware that was developed by nation states that have been repurposed.”

Sentonas also mentioned that one of the best examples of this is the WannaCry attack.

“The best example of the trickle-down effect in terms of cyber attacks is WannaCry. We all know essentially where WannaCry has come from, and that capability was reused multiple times on separate occasions throughout the year,” Sentonas continued.

In addition to detailing key trends driving adversary targeting and a dive into the key factors shaping the targeted intrusion campaigns of notable nation-state adversaries, including China, Russia, Iran and North Korea, the report brings to light other metrics defining the state of cybersecurity today across industries.

For example, Malware - while still a huge concern for organisations -  is not as prevalent and overarching as some may think, as many attacks didn’t use Malware at all.

According to CrowdStrike, In 2017, 39% of all attacks constituted malware-free intrusions that were not detected by traditional antivirus, with the manufacturing, professional services and pharmaceutical industries facing the most malware-free attacks. Other notable highlights of report include;

  • CrowdStrike Threat Graph data indicates that it takes an intruder an average of one hour and 58 minutes to begin moving laterally to other systems in the network.
  • The propagation of advanced exploits has blurred the lines between statecraft and tradecraft, evolving the threat landscape beyond conventional security measures.
  • Extortion and weaponization of data have become mainstream among cyber criminals, heavily impacting government and healthcare, among other sectors.
  • Nation-state-linked attacks and targeted ransomware are on the rise and could be used for geopolitical, and even militaristic exploitation purposes.
  • Supply chain compromises and crypto fraud and mining will present new attack vectors for both state-sponsored and eCrime actors.

CrowdStrike vice president of intelligence Adam Meyers says, “Today, the lines between nation-states and eCrime actors are increasingly blurring, elevating the sophistication of threats to a new level. Actionable threat intelligence and real-time threat data are crucial in empowering better security and executive decisions.

“With the Global Threat Report, public and private sector organizations can be better informed about the employed tactics, techniques, and procedures (TTPs) and properly allocate the defenses and resources necessary to protect assets that are most at risk.”

The global threat report leverages three main resources to analyses threat data including the   CrowdStrike Falcon Intelligence platform, CrowdStrike’s managed hunting team (known as Falcon OverWatch) and the CrowdStrike Threat Graph, which is the company’s cloud-based graph database technology, processing over 90 billion events a day across 176 countries.

Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Aussies too lax about IoT security - McAfee
Aussie consumers are at a loss when it comes to securing the increasing number of connected devices in their homes and are often opting to take no action at all.
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.
SolarWinds extends database anomaly detection
As organisations continue their transition from purely on-premises operations into both private and public cloud infrastructures, adapting their IT monitoring and management capabilities can pose a significant challenge.
NATO picks BlackBerry's encrypted voice technology to secure calls
The NCI Agency acquires, deploys and defends communication systems for NATO's political decision-makers and command centres