
The Top 5 cyber-attack behaviours in 2021

Written by Enablis | 08/10/2021 4:30:11 AM

It’s no news to anyone in the know that the tempo of cyber-attacks has risen sharply since the onset of the pandemic. But what may not be as clear to many CIOs and CISOs dealing with the challenge in Australia is that malicious actors have changed their behaviour in several important ways.

Drawing from the latest ‘OverWatch Threat Hunting Report’ by cyber security experts CrowdStrike, here are the top 5 most notable behavioural changes observed across the cyber landscape in the 12 months to June 30, 2021.

1 – Interactive intrusion is on the rise

CrowdStrike reported a whopping 60 percent increase in interactive intrusion activity over the 12 months to June 30, 2021, spanning a broad range of industry verticals and geographic regions.

“The threat of hands-on intrusion activity remains very real”, it notes in the report, revealing that it had uncovered interactive intrusion activity attributable to 30 specifically named threat actor groups. In addition, threat hunters uncovered an extensive array of activity suspected of being eCrime or targeted intrusion activity, but not specifically tied to a named group.


2 – Adversaries have moved beyond malware

Of the huge number of detections indexed by CrowdStrike in the three months to end-June 2021, a full 68 percent were malware-free, with attackers increasingly using more sophisticated, stealthier techniques purpose-built to evade autonomous detections. This includes increasingly trying to woo internal staff of target organisations by promising them a share of the spoils.


3 – eCrime consolidates dominance

CrowdStrike reports that eCrime continues to dominate the threat landscape, making up 75 percent of all interactive intrusion activity. This stems largely from the increased maturity of the big game hunting (BGH) business model, in particular the emergence of so-called ‘access brokers’, who effectively sell the keys to the castle to other criminals willing to pay.

eCrime adversaries continue to innovate and evolve their techniques to improve their chances of success. For instance, it’s believed the majority of ransomware offenders in the BGH arena have now added the threat of data leaks via so-called data leak sites (DLS) to their extortion playbooks.

4 – Bad guys are moving with greater speed

CrowdStrike also notes that eCrime adversaries are moving with increasing speed to achieve their aims. They have now been observed moving laterally within victims’ environments in an average of just 1 hour and 32 minutes. Even more alarming, just over a third (36 percent) of adversaries observed managed to move laterally within 30 minutes, with one clocked at just 4 minutes and 13 seconds!

5 – Targeted intrusions attacking telcos and retail

CrowdStrike notes that targeted intrusion adversaries remain a serious threat and that they have dramatically increased their focus on the telecommunications industry, which accounted for 40 percent of all state-nexus intrusion activity in the past 12 months.

Overall, organisations in both the telco and retail sectors experienced a doubling of attacks across the board in the 12 months to June 30, 2021, placing them 2nd and 8th in CrowdStrike’s top 10.

The technology sector came in as the most attacked industry, with manufacturing in at 3rd followed by financial services, professional services, universities, and healthcare. The public sector and engineering were the 9th and 10th most targeted sectors respectively.

Attackers appearing to operate out of China accounted for the biggest share, followed by North Korea and Iran. However, in the past year, as noted above, CrowdStrike also tracked an uptick in suspected state-nexus activity not attributed to named actor groups.

The findings of the CrowdStrike Threat Hunting report underscore the importance of factoring in more than merely malware tools: deliberate and ongoing efforts by adversaries must be accounted for as well. This in turn demands cyber security strategies that combine humans with technology tools in order to ensure the best chance of protection.
