Adversaries are accelerating targeted attacks on critical networks, with a significant rise in attempted intrusions witnessed in 2021, according to a recent report by cybersecurity firm CrowdStrike Inc.

CrowdStrike has announced the release of the CrowdStrike Falcon OverWatch™ annual report: ‘Nowhere To Hide, 2021 Threat Hunting Report: Insights from the CrowdStrike Falcon OverWatch Team.’

The report highlights a significant rise in adversary activity, both in volume and velocity. CrowdStrike’s threat hunters tracked a 60 per cent increase in attempted intrusions spanning all industry verticals and geographic regions.

The report also highlighted a significant drop in average breakout time. Breakout time is the time it takes for an intruder to begin moving laterally outside the initial point of breach to other systems in the network.

The average breakout time was one hour 32 minutes, a threefold decrease from 2020.

“These sobering statistics show how threat actors are constantly adapting tactics, techniques, and procedures (TTPs) to accelerate their march toward their objectives,” the report said.

Adopting new techniques

The report also highlighted certain key trends.

Adversaries are moving beyond malware to leverage increasingly sophisticated and stealthy techniques tailor-made to evade detection. Of all the detections indexed by CrowdStrike Threat Graph in the past three months, 68 per cent were malware-free.

The report also highlighted a massive surge in interactive intrusion activity targeting the telecommunications industry. This activity spans all major geographic regions and has been tied to a diverse range of adversaries.

In terms of State-sponsored attacks, the majority of targeted intrusion activity tracked in the report came from adversary groups based out of China, North Korea and Iran, which were the most active State-sponsored actors.

‘Wizard Spider’ was the most prolific cyber criminal group. It was seen in nearly double the number of attempted intrusions as any other eCrime group, and is the group behind targeted operations using Ryuk and, more recently, Conti ransomware.

Furthermore, eCrime actors who specialise in breaching networks also sell that access to others. These access brokers play a growing and important role in enabling other eCrime actors to stage their attempted intrusions.

“Over the past year, businesses faced an unprecedented onslaught of sophisticated attacks on a daily basis,” said Param Singh, Vice-President of Falcon OverWatch, CrowdStrike.

“In order to thwart modern adversaries’ stealthy and unabashed tactics and techniques, it’s imperative that organisations incorporate both expert threat hunting and threat intelligence into their security stacks, layer machine-learning enabled endpoint detection and response (EDR) into their networks and have comprehensive visibility into endpoints to ultimately stop adversaries in their tracks,” said Singh.

The report comprises threat data from Falcon OverWatch, CrowdStrike’s threat hunting team, with contributions from CrowdStrike Intelligence and Services teams. In the 2021 report, CrowdStrike’s threat hunters directly identified and helped to disrupt more than 65,000 potential intrusions, approximately one potential intrusion every eight minutes, it said.
