Key Findings: CrowdStrike’s 2020 Threat Hunting Report
CrowdStrike has just released its threat hunting report for the first half of 2020. In a year that has seen an unprecedented opportunity for cybercrime, the report is more eagerly anticipated than ever. It provides a summary of threat hunting findings, highlighting intrusion trends and giving insights into the current landscape.
The Aim of the Report
CrowdStrike’s threat hunting report is managed by a team of cross-disciplinary specialists. The team uses CrowdStrike threat intelligence to continually hunt, investigate and advise on advanced threat activity in consumer environments. They relentlessly hunt for anomalous, novel attacks that evade standard detection.
The report aims to review intrusion trends during the first half of 2020, providing insights into the threat landscape, the tactics being used by adversaries and recommendations for how to prevent attacks. In a year that has been heavily impacted by a sudden and dramatic rise in remote working due to COVID-19, the report aims to deliver insights that can inform our security strategies in the months ahead.
What’s New in the Report?
The most recent report from CrowdStrike holds true to its usual purpose of finding threats that standard technology can’t. However, in this 2020 mid-year report, the methodology behind its human-driven hunting has been unveiled. SEARCH, as the methodology has been named, comprises six steps: sense, enrich, analyse, reconstruct, communicate and hone. By using SEARCH, the CrowdStrike team can sift out the faintest traces of malicious activity, detect threats at scale and leave adversaries with nowhere to hide.
This time around, the report naturally focuses on the global pandemic and how the threat landscape has shifted, opening new avenues of attack due to the rapid adoption of remote working. It looks at the industries that have seen the most significant shifts in activity and the motives behind these attacks. Finally, the report highlights key steps that you can take to try to protect your organisations in the current landscape.
Key Takeaways from the Report
The threat landscape has been unpredictable this year as we have faced unprecedented circumstances, and the opportunistic nature of attacks has shown that every industry has vulnerabilities. The report highlights that cyber threats are fundamentally aligned with economic and political forces, with industries being targeted in their moment of weakness.
Amongst the chaos that 2020 has brought us, the mid-year report has delivered some notable findings:
- Rise in hands-on-keyboard intrusion – while figures were already on the rise, they have sky-rocketed during the past six months and already exceed the total seen in 2019 in terms of volume and reach. The acceleration has clearly been impacted by the global pandemic with an expanded attack surface creating new opportunities and public fear being exploited through COVID-19-themed social engineering.
- Increase in sophisticated cybercrime – while there hasn’t been a reduction in nation-state activity, which has dominated the last three reports, a significant percentage of this year’s increase reflects the success of targeted intrusions using ransomware. The report shows a greater volume of activity from a wider array of cyber threat actors.
- Shift in targeted industries – the report highlights a steep rise in activity in the manufacturing industry in terms of both quantity and sophistication from both cybercriminals and nation-states. Meanwhile, healthcare and food and beverage also saw an increase in attacks due to shifting economic conditions, complex operating environments and rising demand during the pandemic.
- Telecommunications remains a popular target – telecommunications has continued to be a popular target for nation-states, especially China. The report details six different China-based actors, likely motivated by espionage and data theft, that conducted campaigns against telecommunications companies.
The report clearly demonstrates that cybercriminals carefully watch their victims’ environments and are able to pivot to take advantage of emerging opportunities. Moreover, the threat landscape is intrinsically linked to the global economy.
Recommendations for Your Business
First and foremost, every business needs to be aware that adversaries are tuned in to their operating environments and are ready to strike when vulnerabilities are exposed. In a time of significant business change, organisations must be prepared to defend their environments. Recommendations from the report include:
- Enabling prevention capabilities – not only should you have comprehensive security measures in place, but you should enable prevention. Endpoint detection and response is vital to avoid blind spots.
- Investing in human threat hunting – with stealthy social engineering techniques being ever more common, automated detection systems aren’t enough. Continuous threat hunting is needed to counter the persistent threat of attack.
- Practising good hygiene – organisations should have control over the software they are using and remove any unnecessary systems. Moreover, the operating environment should be up to date with the latest security patches.
- Protecting the identity of users – organisations should implement strong password policies, manage user privileges and routinely monitor authentication logs.
- Educating employees – technology can only take security so far. To stop intrusion, all end-users should be well-trained and aware of the latest phishing and social engineering techniques.
In the remainder of 2020, we can expect to see an ongoing development of techniques as cyber threat actors continue to innovate in a rapidly changing landscape. Organisations must work to secure their dispersed workforce in a sustainable and scalable way if they are to protect their data, their users and their businesses.
To access the full Threat Hunting Report, click here.