
Financial cybercrime happened 'almost continuously' in 2019

04 Mar 2020

Financially motivated cybercrime happened on an almost continuous basis in 2019, according to a CrowdStrike report released today.

The study also found an increase in ransomware incidents, as well as a rise in demands from eCrime actors.

The CrowdStrike global threat report confirmed cases of data exfiltration have been rising, which can allow cyber attackers to leak and weaponise sensitive data gleaned from victims.

“2019 brought an onslaught of new techniques from nation-state actors and an increasingly complex eCrime underground filled with brazen tactics and massive increases in targeted ransomware demands,” says CrowdStrike vice president of intelligence Adam Meyers.

“As such, modern security teams must employ technologies to investigate incidents faster with swift pre-emptive countermeasures, such as threat intelligence, and follow the 1-10-60 rule,” says Meyers.

The 1-10-60 rule advises security teams to detect intrusions in under one minute, investigate in 10 minutes, and contain and eliminate the adversary in 60 minutes.

Organisations that meet this benchmark are much more likely to eradicate the adversary before an attack spreads from its initial entry point, says CrowdStrike.
 

Other key findings from the report:

Malware-free attacks enjoy a boom

The trend toward malware-free tactics accelerated, with malware-free attacks surpassing the volume of malware attacks.

In 2019, 51% of attacks used malware-free techniques, compared to 40% in 2018, underscoring the need to advance beyond traditional antivirus (AV) solutions.

Ransomware does not discriminate by industry

The industries observed at the top of the target list for enterprise ransomware (Big Game Hunting) were local governments and municipalities, academic institutions, the technology sector, healthcare, manufacturing, financial services and media companies.

North Korea eyes cryptocurrency

In addition to supporting currency generation, North Korea’s targeting of cryptocurrency exchanges could support espionage-oriented efforts designed to collect information on users or cryptocurrency operations and systems. 

CrowdStrike Intelligence also suspects that the DPRK has been developing its own cryptocurrency to further circumvent sanctions.

“This year’s report indicates a massive increase in eCrime behaviour that can easily disrupt business operations, with criminals employing tactics to leave organisations inoperable for large periods of time,” says CrowdStrike vice president of OverWatch Jennifer Ayers.

“It’s imperative that modern organisations employ a sophisticated security strategy that includes better detection and response and 24/7/365 managed threat hunting to pinpoint incidents and mitigate risks,” says Ayers.

“CrowdStrike’s comprehensive technology, coupled with our visibility into actor motivations and proactive hunting, protects our customers with the critical components needed to stop modern attacks.”