Business disruption was the main objective of attackers in the last year, with ransomware, DDoS and malware commonly used.
According to the CrowdStrike Services Cyber Front Lines Report, which offers observations from its incident response and proactive services, a third (36%) of incidents often involved ransomware, destructive malware or denial of service attacks. Crowdstrike determined that these three factors to be focused on “business disruption,” and while an adversary’s main goal in a ransomware attack is financial gain, the impact of disruption to a business can often outweigh the loss incurred by paying the ransom.
Also observed in 25% of the investigated incidents was data theft, including the theft of intellectual property, personally identifiable information and personal health information. IP theft has been linked to numerous nation state adversaries that specialize in targeted intrusion attacks, while PII and PHI data theft can enable both espionage and criminally-motivated operations.
“Typically, this type of data may be used by a cyber-espionage actor to build a dossier on a high-profile target, or a cyber-criminal may sell or ransom the information,” the report said.
To get on to a network, the most popular vector was spear-phishing, accounting for 35% of investigated cases, compared to 16% using web attacks and another 16% using compromised credentials.
Jack Mannino, CEO at nVisium, told Infosecurity that in many cases, we’re struggling with many of the same issues from a decade ago, while we’re seeing an increase in attacks against cloud infrastructure and systems.
“While many organizations have been in the cloud for a while, countless teams are still undertaking transformation and are attempting to replicate security controls that they have developed internally within a new architecture,” he said.
The report also found that organizations that meet Crowdstrike’s 1-10-60 benchmark — detect an incident in one minute, investigate in 10 minutes and remediate within an hour — are improving their chances of stopping cyber-adversaries. However, it found that the vast majority of organizations struggle to meet the 1-10-60 standard in another recent survey, despite the vast majority of organizations seeing adherence to the rule as a “game changer” in ensuring protection. “Adhering to the rule is a challenging benchmark that requires speed and experience,” the report said.
Shawn Henry, chief security officer and president of CrowdStrike Services, said: “The report offers observations into why ransomware and business disruption dominated headlines in 2019 and gives valuable insight into why issues with adversarial dwell time remain a problem for businesses around the world. Strong cybersecurity posture ultimately lies within technology that ensures early detection, swift response and fast mitigation to keep adversaries off networks for good.”
Rui Lopes, engineering and technical support manager at Panda Security, said that the use of cyberspace to carry out all kinds of malicious activities is not going anywhere in 2020, “and while cybersecurity players work to mitigate attacks, organizations struggle on their end with a gap in security experts which may not be covered even if they have a budget for it.”