CrowdStrike details rise of state-sponsored attacks in new global threat report

27 Feb 2018

Endpoint protection company CrowdStrike has released its 2018 Global Threat Report, providing its detailed account of the current attack surface while particularly noting the rise of state-sponsored cyber attacks.

These state-sponsored attacks include what the organisation refers to as the ‘trickle-down effect’, where technologies developed by government end up being re-proliferated or weaponised, leading to more headaches for end users and organisations.

CrowdStrike VP of technology strategy Michael Sentonas told a media panel that this is part of a shift in how threat actors are operating.

“We’re starting to see interesting changes in the way adversaries are working which makes it very hard for the average end-user,” he said.

“Adversaries are starting to leverage tactics and share them with each other. Attacks that you would see used traditionally by a nation-state, are now being used by a hacktivist or e-crime actor.

“For instance, we’re starting to see a lot of ransomware that is linked back to nation-states, or ransomware that was developed by nation states that have been repurposed.”

Sentonas also mentioned that one of the best examples of this is the WannaCry attack.

“The best example of the trickle-down effect in terms of cyber attacks is WannaCry. We all know essentially where WannaCry has come from, and that capability was reused multiple times on separate occasions throughout the year,” Sentonas continued.

In addition to detailing key trends driving adversary targeting and a dive into the key factors shaping the targeted intrusion campaigns of notable nation-state adversaries, including China, Russia, Iran and North Korea, the report brings to light other metrics defining the state of cybersecurity today across industries.

For example, malware, while still a huge concern for organisations, is not as prevalent and overarching as some may think, as many attacks didn’t use malware at all.

According to CrowdStrike, in 2017, 39% of all attacks constituted malware-free intrusions that were not detected by traditional antivirus, with the manufacturing, professional services and pharmaceutical industries facing the most malware-free attacks. Other notable highlights of the report include:

  • CrowdStrike Threat Graph data indicates that it takes an intruder an average of one hour and 58 minutes to begin moving laterally to other systems in the network.
  • The propagation of advanced exploits has blurred the lines between statecraft and tradecraft, evolving the threat landscape beyond conventional security measures.
  • Extortion and weaponization of data have become mainstream among cyber criminals, heavily impacting government and healthcare, among other sectors.
  • Nation-state-linked attacks and targeted ransomware are on the rise and could be used for geopolitical, and even militaristic exploitation purposes.
  • Supply chain compromises and crypto fraud and mining will present new attack vectors for both state-sponsored and eCrime actors.

CrowdStrike vice president of intelligence Adam Meyers says, “Today, the lines between nation-states and eCrime actors are increasingly blurring, elevating the sophistication of threats to a new level. Actionable threat intelligence and real-time threat data are crucial in empowering better security and executive decisions.

“With the Global Threat Report, public and private sector organizations can be better informed about the employed tactics, techniques, and procedures (TTPs) and properly allocate the defenses and resources necessary to protect assets that are most at risk.”

The global threat report leverages three main resources to analyse threat data: the CrowdStrike Falcon Intelligence platform, CrowdStrike’s managed hunting team (known as Falcon OverWatch) and the CrowdStrike Threat Graph, which is the company’s cloud-based graph database technology, processing over 90 billion events a day across 176 countries.
