CrowdStrike announces Threat Hunting Report, reveals rise in eCrime activity
CrowdStrike has announced the release of the Falcon OverWatch™ 2020 Threat Hunting Report: Insights from the CrowdStrike OverWatch Team. The report comprises threat data from CrowdStrike Falcon OverWatch, CrowdStrike’s industry-leading managed threat hunting team, with contributions from the CrowdStrike Intelligence and Services teams. The annual report reviews intrusion trends during the first half of 2020 and provides insights into the current landscape of adversary tactics, which has been heavily impacted this year by the remote-workforce environment created by COVID-19. The report also includes recommendations for defending against the prevalent tools, techniques and procedures (TTPs) used by threat actors.
Jennifer Ayers, Vice President of OverWatch and Security Response, says: “Just like everything this year, the threat landscape has proven unpredictable and precarious as eCrime and state-sponsored actors have opportunistically taken aim at industries unable to escape the chaos of COVID-19, demonstrating clearly how cyber threat activity is intrinsically linked to global economic and geopolitical forces. OverWatch threat hunting data demonstrates how adversaries are keenly attuned to their victims’ environments and ready to pivot to meet changing objectives or emerging opportunities. For this reason, organizations must implement a layered defence system that incorporates basic security hygiene, endpoint detection and response (EDR), expert threat hunting, strong passwords and employee education to properly defend their environments.”
Some of the notable report findings include:
● First half of 2020 hands-on-keyboard intrusion activity surpasses all of 2019: OverWatch observed an explosion in hands-on-keyboard intrusions in the first half of 2020 that has already surpassed the total seen throughout all of 2019. This significant increase is driven primarily by the continued acceleration of eCrime activity but has also been impacted by the effects of the pandemic, which presented an expanded attack surface as organizations rapidly adopted remote workforces and created opportunities for adversaries to exploit public fear through COVID-19 themed social engineering strategies.
● eCrime continues to increase in volume and reach: Sophisticated eCrime activity continues to outpace state-sponsored activity, an upward trend that OverWatch has witnessed over the past three years, accounting for over 80% of interactive intrusions. This does not indicate a reduction in nation-state activity, but rather reflects the extraordinary success threat actors have seen with targeted intrusions using ransomware and Ransomware-as-a-Service (RaaS) models, which have contributed to a proliferation of activity from a wider array of eCrime actors.
● Targeting of the manufacturing sector increases dramatically: There was a sharp escalation of activity in the manufacturing sector in the first half of 2020, in terms of both the quantity and the sophistication of intrusions from eCriminals and nation-states alike, making it the second most targeted vertical observed by OverWatch. Healthcare and food and beverage also saw increased targeting, suggesting that adversaries have adjusted their targets to the shifting economic conditions resulting from the pandemic, focusing on industries made vulnerable by complex operating environments that experienced sudden changes in demand.
● China continues its aim at telecommunications companies: The telecommunications industry continues to be a popular target for nation-states, specifically China. OverWatch observed six different China-based actors, whose motivations are likely associated with espionage and data theft objectives, conducting campaigns against telecommunications companies in the first half of the year.