
Financial cybercrime happened 'almost continuously' in 2019

04 Mar 2020

Financially motivated cybercrime happened on an almost continuous basis in 2019, according to a CrowdStrike report released today.

The study also found an increase in ransomware incidents, as well as a rise in demands from eCrime actors.

The CrowdStrike global threat report confirmed cases of data exfiltration have been rising, which can allow cyber attackers to leak and weaponise sensitive data gleaned from victims.

“2019 brought an onslaught of new techniques from nation-state actors and an increasingly complex eCrime underground filled with brazen tactics and massive increases in targeted ransomware demands,” says CrowdStrike vice president of intelligence Adam Meyers.

“As such, modern security teams must employ technologies to investigate incidents faster with swift pre-emptive countermeasures, such as threat intelligence, and follow the 1-10-60 rule,” CrowdStrike said.

The 1-10-60 rule advises security teams to detect intrusions in under one minute, investigate in 10 minutes, and contain and eliminate the adversary in 60 minutes.

Organisations that meet this benchmark are much more likely to eradicate the adversary before an attack spreads from its initial entry point, says CrowdStrike.

Some other key features of the report:

Malware-free attacks enjoy a boom

The trend toward malware-free tactics accelerated, with malware-free attacks surpassing the volume of malware attacks.

In 2019, 51% of attacks used malware-free techniques, compared to 40% in 2018, underscoring the need to advance beyond traditional antivirus (AV) solutions.

Ransomware does not discriminate by industry

The industries observed at the top of the target list for enterprise ransomware (Big Game Hunting) were local governments and municipalities, academic institutions, the technology sector, healthcare, manufacturing, financial services and media companies.

North Korea eyes cryptocurrency

In addition to supporting currency generation, North Korea’s targeting of cryptocurrency exchanges could support espionage-oriented efforts designed to collect information on users or cryptocurrency operations and systems. 

In addition, CrowdStrike Intelligence suspects that the DPRK has also been developing its own cryptocurrency to further circumvent sanctions.

“This year’s report indicates a massive increase in eCrime behaviour that can easily disrupt business operations, with criminals employing tactics to leave organisations inoperable for large periods of time,” says CrowdStrike vice president of OverWatch Jennifer Ayers.

“It’s imperative that modern organisations employ a sophisticated security strategy that includes better detection and response and 24/7/365 managed threat hunting to pinpoint incidents and mitigate risks,” says Ayers.

“CrowdStrike’s comprehensive technology, coupled with our visibility into actor motivations and proactive hunting, protects our customers with the critical components needed to stop modern attacks.”
