CrowdStrike’s 2021 Global Threat Report reveals that 79% of all interactive (hands-on-keyboard) intrusions in 2020 were eCrime attacks, according to analysis by dedicated threat hunters. These investigations and official sources also reveal that nation-state attackers infiltrated networks throughout the year to steal valuable data, including COVID-19 vaccine research and other intellectual property. 2020 was a remarkable year. Our analysis shows that attackers are refining their tradecraft to evade detection and conceal their presence in the victim’s network for longer.
Not only are there signs that adversaries are becoming more sophisticated, but their numbers are increasing. The number of tracked activity clusters rose to 24, and 19 newly named adversary groups brought the total number of tracked adversaries worldwide to 149. The cyber landscape of 2020 was arguably more dangerous than that of 2019, and attackers enter 2021 with a head start.
Threat Landscape Facing Legitimate Organizations
The pace of targeted intrusions continued unabated in 2020. Chinese adversaries targeted telecommunications businesses, and WICKED PANDA was successful again this year despite accusations against individuals associated with its operations. Democratic People’s Republic of Korea (DPRK) adversaries continued their currency-generation efforts. The fusion of eCrime and targeted-intrusion tactics previously associated with these North Korean attackers and some Russian adversaries was also observed in the Iran-nexus adversary PIONEER KITTEN. However, the biggest challenge (in terms of volume of activity) comes not from state actors but from the eCrime groups that spread ransomware, which has become a huge and lucrative part of their illegal activity. It is these groups that are truly innovating and introducing increasingly harmful tactics, techniques and procedures.
TWISTED SPIDER’s introduction of data extortion tactics in early 2020 showed that eCrime actors are pioneers in finding new ways to leverage ransomware infections. In retrospect, it is clear that this portended not only an explosion of similar activity but also a raising of the bar for ransomware operations throughout the year. The lure of big game hunting (BGH, ransomware campaigns aimed at high-value targets) dominated the eCrime enabler ecosystem and drove the network access broker market. The BGH trend is also disrupting the behavior of traditional targeted eCrime, as evidenced by CARBON SPIDER’s shift from targeting point-of-sale (POS) systems to BGH operations. WIZARD SPIDER, a BGH operator and founder of the eCrime “giant”, continued its high-tempo activity and was the most reported eCrime adversary for the second year in a row.
This accelerated adoption of data extortion coincided with the launch of dedicated leak sites (DLS) associated with specific ransomware families. At least 23 ransomware operators adopted these approaches in 2020. Companies that believed they could restore operations from existing clean backups without paying the ransom could now be pressured to pay to keep their data from being exposed. Worse, businesses may have to pay both a ransom to get their operations back on track and an additional payment to prevent their data from being leaked. In this way, the adversary increases the chance that the victim is forced to pay by one tactic or the other.
Threat intelligence helps right-size defenses to match threats
Threat intelligence enables organizations to prepare defenses against the attackers most likely to target them: threat hunters can identify indicators of compromise and block intrusions based on recognizable indicators. Only in this way can security teams be deployed optimally and effectively. Known threat groups with recognizable behavior carry out most targeted attacks, so it makes sense to know how to recognize the signs of their activity.
Nearly four out of five interactive intrusions are carried out by eCrime attackers. When building strong defenses, it is imperative that these adversary groups receive the most attention. This is not to say that targeted intrusions by state-backed groups should be ignored, but the relative risk is lower. The total number of intrusions, both targeted and eCrime, increased significantly in 2020 compared with 2019.
If you operate in a high-risk industry, it is important to raise your level of vigilance. CrowdStrike Intelligence identified the most ransomware incidents in the industrial and engineering sector (229 incidents), followed by manufacturing (228 incidents). Technology, retail, healthcare, financial services, professional services, government, logistics, and legal services round out the 10 industries most commonly targeted for data extortion related to BGH operations. Maintaining current threat intelligence helps security teams better understand the motivations, objectives, and attack behavior of threat actors, so that organizations can make faster, better-informed, data-driven security decisions and move from a reactive to a proactive posture in combating them.
If your organization faces severe resource constraints or wants to further strengthen its security team, it is often advisable to engage an external, fully managed cybersecurity services team that provides not only threat intelligence but also incident response, threat hunting, endpoint recovery services, and proactive monitoring to close security gaps.
Cloud-based security solutions such as endpoint detection and response (EDR) have changed the game in this regard. Threats can be tracked and analyzed globally, and this information can be shared with customers in real time. As attacks progress, defenders can leverage the scale and speed of cloud security to identify risks and ensure that people, data and corporate networks are protected wherever they are.