INTELLIGENT BRANDS // Enterprise Security
Adversaries accelerating targeted access to critical networks
CrowdStrike , a leader in clouddelivered endpoint and workload protection , has announced the release of the CrowdStrike Falcon OverWatch annual report : Nowhere To Hide , 2021 Threat Hunting Report : Insights from the CrowdStrike Falcon OverWatch Team .
The report highlights an explosion in adversary activity , both in volume and velocity . CrowdStrike ’ s threat hunters tracked a 60 % increase in attempted intrusions spanning all industry verticals and geographic regions .
The report is comprised of threat data from Falcon OverWatch , CrowdStrike ’ s industry-leading managed threat hunting team , with contributions from CrowdStrike Intelligence and Services Teams , and provides an inside look at the current threat landscape , notable adversary behavior and tactics and recommendations to increase cyber-resiliency .
In the 2021 report , CrowdStrike ’ s threat hunters directly identified and helped to disrupt more than 65,000 potential intrusions – approximately one potential intrusion every eight minutes .
The report also showcases a significant drop in average breakout time – the time it takes for an intruder to begin moving laterally outside of the initial beachhead to other systems in the network – of just one hour 32 minutes , a threefold decrease from 2020 .
These sobering statistics show how threat actors are constantly adapting tactics , techniques and procedures ( TTPs ) to accelerate their march towards their objectives .
Additional significant OverWatch observations include :
• Adversaries have moved beyond malware . They are using increasingly sophisticated and stealthy techniques tailor-made to evade detections – of all the detections indexed by CrowdStrike Threat Graph in the past three months , 68 % were malware-free .
• China , North Korea and Iran were the most active state-sponsored groups .
• A massive surge in interactive intrusion activity targeting the telecommunications industry . This activity spans all major geographic regions and has been tied to a diverse range of adversaries .
• WIZARD SPIDER was the most prolific cybercriminal group . In fact , this group was seen in nearly double the number of attempted intrusions than any other eCrime group .
• A 100 % increase in instances of cryptojacking .
• Access Brokers had a banner year . eCrime actors who specialize in breaching networks to sell that access to others played a growing and important role for other eCrime actors to stage their attempted intrusions .
“ Over the past year , businesses faced an unprecedented onslaught of sophisticated attacks on a daily basis . Falcon OverWatch has the unparalleled ability to see and stop the most complex threats – leaving adversaries with nowhere to hide ,” said Param Singh , Vice President of Falcon OverWatch , CrowdStrike .
“ In order to thwart modern adversaries ’ stealthy and unabashed tactics and techniques , it ’ s imperative that organizations incorporate both expert threat hunting and threat intelligence into their security stacks , layer Machine Learning enabled Endpoint Detection and Response ( EDR ) into their networks and have comprehensive visibility into endpoints to ultimately stop adversaries in their tracks .” p
68 INTELLIGENTCIO APAC www . intelligentcio . com