Story image

CrowdStrike detail rise of state-sponsored attacks in new global threat report

27 Feb 18

Endpoint protection company CrowdStrike has released its 2018 Global Threat Report, providing their detailed account of the current attack surface while particularly noting the rise of state-sponsored cyber attacks.

These state-sponsored attacks include what the organisation refers to as the ‘trickle-down effect’, where technologies developed by government ends up being re-proliferated or weaponised, leading to more headaches for end users and organisations.

CrowdStrike VP of technology strategy Michael Sentonas told a media panel that this is part of a shift in how threat actors are operating.

“We’re starting to see interesting changes in the way adversaries are working which makes it very hard for the average end-user,” he said.

“Adversaries are starting to leverage tactics and share them with each other. Attacks that you would see used traditionally by a nation-state, are now being used by a hacktivist or e-crime actor.

“For instance, we’re starting to see a lot of ransomware that is linked back to nation-states, or ransomware that was developed by nation states that have been repurposed.”

Sentonas also mentioned that one of the best examples of this is the WannaCry attack.

“The best example of the trickle-down effect in terms of cyber attacks is WannaCry. We all know essentially where WannaCry has come from, and that capability was reused multiple times on separate occasions throughout the year,” Sentonas continued.

In addition to detailing key trends driving adversary targeting and a dive into the key factors shaping the targeted intrusion campaigns of notable nation-state adversaries, including China, Russia, Iran and North Korea, the report brings to light other metrics defining the state of cybersecurity today across industries.

For example, Malware - while still a huge concern for organisations -  is not as prevalent and overarching as some may think, as many attacks didn’t use Malware at all.

According to CrowdStrike, In 2017, 39% of all attacks constituted malware-free intrusions that were not detected by traditional antivirus, with the manufacturing, professional services and pharmaceutical industries facing the most malware-free attacks.

Other notable highlights of report include;

  • CrowdStrike Threat Graph data indicates that it takes an intruder an average of one hour and 58 minutes to begin moving laterally to other systems in the network.
  • The propagation of advanced exploits has blurred the lines between statecraft and tradecraft, evolving the threat landscape beyond conventional security measures.
  • Extortion and weaponization of data have become mainstream among cyber criminals, heavily impacting government and healthcare, among other sectors.
  • Nation-state-linked attacks and targeted ransomware are on the rise and could be used for geopolitical, and even militaristic exploitation purposes.
  • Supply chain compromises and crypto fraud and mining will present new attack vectors for both state-sponsored and eCrime actors.

CrowdStrike vice president of intelligence Adam Meyers says, “Today, the lines between nation-states and eCrime actors are increasingly blurring, elevating the sophistication of threats to a new level. Actionable threat intelligence and real-time threat data are crucial in empowering better security and executive decisions.

“With the Global Threat Report, public and private sector organizations can be better informed about the employed tactics, techniques, and procedures (TTPs) and properly allocate the defenses and resources necessary to protect assets that are most at risk.”

The global threat report leverages three main resources to analyses threat data including the   CrowdStrike Falcon Intelligence platform, CrowdStrike’s managed hunting team (known as Falcon OverWatch) and the CrowdStrike Threat Graph, which is the company’s cloud-based graph database technology, processing over 90 billion events a day across 176 countries.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.