Key Findings: CrowdStrike’s 2020 Threat Hunting Report

Cyber Defence Team
September 29, 2020

CrowdStrike has just released its threat hunting report for the first half of 2020. In a year that has seen an unprecedented opportunity for cybercrime, the report is more eagerly anticipated than ever. It provides a summary of threat hunting findings, highlighting intrusion trends and giving insights into the current landscape.

THE AIM OF THE REPORT

CrowdStrike’s threat hunting report is managed by a team of cross-disciplinary specialists. The team uses CrowdStrike threat intelligence to continually hunt, investigate and advise of advanced threat activity in consumer environments. They relentlessly hunt for anomalous novel attacks that evade standard detection.

The report aims to review intrusion trends during the first half of 2020, providing insights into the threat landscape, the tactics being used by adversaries and recommendations for how to prevent attacks. In a year that has been heavily impacted by a sudden and dramatic rise in remote working due to COVID-19, the report aims to deliver insights that can inform our security strategies in the months ahead.

WHAT’S NEW IN THE REPORT?

The most recent report from CrowdStrike holds true to its usual purpose of finding threats that standard technology can’t. However, this 2020 mid-year report also unveils the methodology behind its human-driven hunting. SEARCH, as the approach has been named, uses techniques to sense, enrich, analyse, reconstruct, communicate and hone. By using SEARCH, the CrowdStrike team can sift out the faintest traces of malicious activity, detect threats at scale and leave adversaries with nowhere to hide.

This time around, the report naturally focuses on the global pandemic and how the threat landscape has shifted, opening new avenues of attack due to the rapid adoption of remote working. It looks at the industries that have seen the most significant shifts in activity and the motives behind these attacks. Finally, the report highlights key steps that you can take to try to protect your organisations in the current landscape.

KEY TAKEAWAYS FROM THE REPORT

The threat landscape has been unpredictable this year as we have faced unprecedented circumstances, and the opportunistic nature of attacks has shown that every industry has vulnerabilities. The report highlights that cyber threats are fundamentally aligned with economic and political forces, with industries being targeted in their moment of weakness.

Amongst the chaos that 2020 has brought us, the mid-year report has delivered some notable findings:

  • Rise in hands-on-keyboard intrusions – while figures were already on the rise, they have skyrocketed during the past six months and already exceed the total seen in 2019 in terms of volume and reach. The acceleration has clearly been impacted by the global pandemic, with an expanded attack surface creating new opportunities and public fear being exploited through COVID-19-themed social engineering.
  • Increase in sophisticated cybercrime – while there hasn’t been a reduction in the nation-state activity, which has dominated the last three reports, a significant percentage of this year’s increase reflects the success of targeted intrusions using ransomware. The report shows a greater volume of activity from a wider array of cyber threat actors.
  • Shift in targeted industries – the report highlights a steep rise in activity in the manufacturing industry in terms of both quantity and sophistication from both cybercriminals and nation-states. Meanwhile, healthcare and food and beverage also saw an increase in attacks due to shifting economic conditions, complex operating environments and rising demand during the pandemic.
  • Telecommunications remains a popular target – telecommunications has continued to be a popular target for nation-states, especially China. The report details six different China-based actors, likely motivated by espionage and data theft, that conducted campaigns against telecommunications companies.

The report clearly demonstrates that cybercriminals carefully watch their victims’ environments and are able to pivot to take advantage of emerging opportunities. Moreover, the threat landscape is intrinsically linked to the global economy.

RECOMMENDATIONS FOR YOUR BUSINESS

First and foremost, every business needs to be aware that adversaries are tuned in to their operating environments and are ready to strike when vulnerabilities expose themselves. In a time of significant business change, organisations must be prepared to defend their environments. Recommendations from the report include:

  • Enabling prevention capabilities – not only should you have comprehensive security measures in place, but you should enable prevention. Endpoint detection and response is vital to avoid blind spots.
  • Investing in human threat hunting – with stealthy social engineering techniques being ever more common, automated detection systems aren’t enough. Continuous threat hunting is needed to counter the persistent threat of attack.
  • Practising good hygiene – organisations should have control over the software they are using and remove any unnecessary systems. Moreover, the operating environment should be up to date with the latest security patches.
  • Protecting the identity of users – organisations should implement strong password policies, manage user privileges and routinely monitor authentication logs.
  • Educating employees – technology can only take security so far. To stop intrusion, all end-users should be well-trained and aware of the latest phishing and social engineering techniques.

In the remainder of 2020, we can expect to see an ongoing development of techniques as cyber threat actors continue to innovate in a rapidly changing landscape. Organisations must work to secure their dispersed workforce in a sustainable and scalable way if they are to protect their data, their users and their businesses.