Key Findings: CrowdStrike’s 2020 Threat Hunting Report
CrowdStrike has just released its threat hunting report for the first half of 2020. In a year that has seen an unprecedented opportunity for cybercrime, the report is even more eagerly anticipated than ever. The report provides a summary of threat hunting findings, highlighting intrusion trends and giving insights into the current landscape.
The Aim of the Report
CrowdStrike’s threat hunting report is produced by a team of cross-disciplinary specialists. The team uses CrowdStrike threat intelligence to continually hunt for, investigate and advise on advanced threat activity in customer environments. They relentlessly hunt for anomalous, novel attacks that evade standard detection.
The report aims to review intrusion trends during the first half of 2020, providing insights into the threat landscape, tactics being used by adversaries and recommendations for how to prevent attacks. In a year that has been heavily impacted by a sudden and dramatic rise in our remote workforce environment due to COVID-19, the report aims to deliver insights that can inform our security strategies in the months ahead.
What’s New in the Report?
The most recent report from CrowdStrike holds true to its usual purpose of finding threats that standard technology can’t. However, in this 2020 mid-year report, the methodology behind its human-driven hunting has been unveiled. SEARCH, as the technique has been coined, combines six steps: sense, enrich, analyse, reconstruct, communicate and hone. By using SEARCH, the CrowdStrike team can sift through data to find the faintest traces of malicious activity, detect threats at scale and leave adversaries with nowhere to hide.
This time around, the report naturally focuses on the global pandemic and how the threat landscape has shifted, opening new avenues of attack due to the rapid adoption of remote working. It looks at the industries that have seen the most significant shifts in activity and the motives behind these attacks. Finally, the report highlights key steps that you can take to try to protect your organisations in the current landscape.
Key Takeaways from the Report
The threat landscape has been unpredictable this year as we have faced unprecedented circumstances, and the opportunistic nature of attacks has shown that every industry has vulnerabilities. The report highlights that cyber threats are fundamentally aligned with economic and political forces, with industries being targeted in their moment of weakness.
Amongst the chaos that 2020 has brought us, the mid-year report has delivered some notable findings:
- Rise in hands-on-keyboard intrusion – while figures were already on the rise, they have sky-rocketed during the past six months and already exceed the total seen in 2019 in terms of volume and reach. The acceleration has clearly been impacted by the global pandemic with an expanded attack surface creating new opportunities and public fear being exploited through COVID-19-themed social engineering.
- Increase in sophisticated cybercrime – while there hasn’t been a reduction in nation-state activity, which has dominated the last three reports, a significant percentage of this year’s increase reflects the success of targeted intrusions using ransomware. The report shows a greater volume of activity from a wider array of cyber threat actors.
- Shift in targeted industries – the report highlights a steep rise in activity in the manufacturing industry in terms of both quantity and sophistication from both cybercriminals and nation-states. Meanwhile, healthcare and food and beverage also saw an increase in attacks due to shifting economic conditions, complex operating environments and rising demand during the pandemic.
- Telecommunications remains a popular target – telecommunications has continued to be a popular target for nation-states, especially China. The report details six different China-based actors, likely motivated by espionage and data theft, that conducted campaigns against telecommunications companies.
The report clearly demonstrates that cybercriminals carefully watch their victims’ environments and are able to pivot to take advantage of emerging opportunities. Moreover, the threat landscape is intrinsically linked to the global economy.
Recommendations for Your Business
First and foremost, every business needs to be aware that adversaries are tuned in to their operating environments and are ready to strike when vulnerabilities expose themselves. In a time of significant business change, organisations must be prepared to defend their environments. Recommendations from the report include:
- Enabling prevention capabilities – not only should you have comprehensive security measures in place, but you should enable prevention. Endpoint detection and response is vital to avoid blind spots.
- Investing in human threat hunting – with stealthy social engineering techniques becoming ever more common, automated detection systems aren’t enough. Continuous threat hunting is needed to counter the persistent threat of attack.
- Practising good hygiene – organisations should have control over the software they are using and remove any unnecessary systems. Moreover, the operating environment should be up to date with the latest security patches.
- Protecting the identity of users – organisations should implement strong password policies, manage user privileges and routinely monitor authentication logs.
- Educating employees – technology can only take security so far. To stop intrusion, all end-users should be well-trained and aware of the latest phishing and social engineering techniques.
In the remainder of 2020, we can expect to see an ongoing development of techniques as cyber threat actors continue to innovate in a rapidly changing landscape. Organisations must work to secure their dispersed workforce in a sustainable and scalable way if they are to protect their data, their users and their businesses.
To access the full Threat Hunting Report, click here.