CrowdStrike Inc. announced the release of the CrowdStrike Falcon OverWatch 2020 Threat Hunting Report: Insights from the CrowdStrike OverWatch Team. The report compiles threat data from CrowdStrike Falcon OverWatch,
CrowdStrike's industry-leading managed threat hunting team, with
contributions from CrowdStrike Intelligence and Services teams. The
annual report reviews intrusion trends during the first half of 2020 and
provides insights into the current landscape of adversary tactics,
which has been heavily impacted this year by the remote workforce
environment of COVID-19. The report also includes recommendations for
defending against the prevalent tools, techniques and procedures (TTPs)
utilized by threat actors.
"Just like everything this year, the threat landscape has proven
unpredictable and precarious as eCrime and state-sponsored actors have
opportunistically taken aim at industries unable to escape the chaos of
COVID-19, demonstrating clearly how cyber threat activity is
intrinsically linked to global economic and geo-political forces," said
Jennifer Ayers, vice president of OverWatch and Security Response.
"OverWatch threat hunting data demonstrates how adversaries are keenly
attuned to their victim's environment and ready to pivot to meet
changing objectives or emerging opportunities. For this reason,
organizations must implement a layered defense system that incorporates
basic security hygiene, endpoint detection and response (EDR), expert
threat hunting, strong passwords and employee education to properly
defend their environments."
Some of the notable report findings include:
- First half of 2020 hands-on-keyboard intrusion activity surpasses all of 2019: OverWatch
observed an explosion in hands-on-keyboard intrusions in the first half
of 2020 that has already surpassed the total seen throughout all of
2019. This significant increase is driven primarily by the continued
acceleration of eCrime activity but has also been impacted by the
effects of the pandemic, which presented an expanded attack surface as
organizations rapidly adopted remote workforces and created
opportunities for adversaries to exploit public fear through COVID-19
themed social engineering strategies.
- eCrime continues to increase in volume and reach: Sophisticated eCrime
activity continues to outpace state-sponsored activity, an upward trend
that OverWatch has witnessed over the past three years; eCrime now accounts
for over 80% of interactive intrusions. This does not indicate a reduction
in nation-state activity, but rather reflects the extraordinary success
threat actors have had with targeted intrusions using ransomware and
Ransomware-as-a-Service (RaaS) models, which have contributed to a
proliferation of activity from a wider array of eCrime actors.
- Targeting of the manufacturing sector increases dramatically: There
was a sharp escalation of activity in the manufacturing sector in the
first half of 2020 in terms of both the quantity and sophistication of
intrusions from both eCriminals and nation states, making it the second
most targeted vertical observed by OverWatch. Healthcare and food and
beverage also saw increased targeting, suggesting that adversaries have
adjusted their targets to the shifting economic conditions resulting
from the pandemic, focusing on industries made vulnerable by complex
operating environments that experienced sudden changes in demand.
- China continues its aim at telecommunications companies: The telecommunications
industry continues to be a popular target for nation-state actors,
particularly those based in China. OverWatch observed six different China-based actors,
whose motivations are likely associated with espionage and data theft
objectives, conducting campaigns against telecommunications companies in
the first half of the year.
CrowdStrike OverWatch comprises an elite team of cross-disciplinary specialists
that provide deep and continuous human analysis on a 24/7 basis to
relentlessly hunt for anomalous activity designed to evade other
detection techniques. OverWatch harnesses the massive power of the
CrowdStrike Threat Graph®, enriched with CrowdStrike threat
intelligence, to track, investigate and advise on sophisticated threat
activity. The cloud-scale telemetry of over 3 trillion endpoint-related
events collected per week, coupled with detailed tradecraft on 140
adversary groups, gives OverWatch the unrivaled ability to quickly
identify and stop the most advanced threats.
Looking forward to the remainder of 2020, OverWatch expects to see the
continued brazen tactics of cybercriminals as they innovate and mature
their processes to evade detection technologies and maximize their
impact. To protect their data, organizations must implement a solution
that secures a distributed workforce, is device-agnostic and is
scalable. OverWatch's skilled threat hunting with the robust data
gathered by the Falcon platform provides users a transformative solution
delivered via a single lightweight agent that is easily deployable
regardless of an end user's location, establishing a new standard in
endpoint security.
You can download a complimentary copy of the report.