Ransomware-related data leaks surged by 82% year-on-year in 2021, but most cyber-attacks involved no malware at all, according to a new report from CrowdStrike.
The security company’s 2022 Global Threat Report was compiled from an analysis of its own incident response engagements and security telemetry.
It revealed that 62% of attacks were compromised of “non-malware, hands-on-keyboard activity.” That means threat actors use legitimate credentials to access networks and then “living off the land” techniques to achieve lateral movement once inside.
Such tactics help them bypass detection by legacy tools, but not current network monitoring and other behavior-based security.
These tactics may partly explain the surge in highly targeted ransomware attacks against high-value organizations, known as “big-game hunting.” CrowdStrike said the number of such attacks leading to data leaks rose from 1474 in 2020 to 2686 last year. This amounts to over 50 targeted ransomware events per week.
The industrial and engineering sector was most frequently hit, accounting for just over 400 attacks last year, followed by manufacturing and then the technology vertical.
Their adversaries have also been ramping up the pressure financially. CrowdStrike observed that ransomware-related demands averaged $6.1m per incident, up 36% from 2020.
CrowdStrike CEO George Kurtz argued that enterprise risk coalesces around three areas: endpoints and cloud workloads, identity and data.
“Threat actors continue to exploit vulnerabilities across endpoints and cloud environments, and ramp up innovation on how they use identities and stolen credentials to bypass legacy defenses – all to reach their goal, which is your data,” he continued.
“As adversaries advance their tradecraft in this manner to bypass legacy security solutions, autonomous machine learning alone is not good enough to stop dedicated attackers.