Nation-state and eCrime actors are elevating the level and complexity of their daily threats, according to Adam Meyers, vice president of Intelligence at CrowdStrike, the network security firm.
According to CrowdStrike’s 2019 global threat report, threat actors are showing increasing signs of collaboration with one another, and they are also using geo-targeting to support multiple eCrime families.
“China, Russia, Iran, and North Korea are seeking geopolitical prominence, both in their respective regions and internationally, and they will use their cyber capabilities to attain and maintain situational awareness of their neighbours and rivals,” said a spokesperson from CrowdStrike.
“As companies continue to strengthen their security postures, adversaries are adopting more sophisticated techniques to hide their exploits and maintain their foothold,” said Jennifer Ayers, vice president of security response at CrowdStrike. “Augmenting prevention, detection, and response with vigilant, real-time, 24/7 threat hunting is required to identify the clandestine actions of these actors as soon as possible in situations where time is of the essence.”
The report also brought to light some of the most prominent trends in eCrime for 2018, such as the continued rise of “big game hunting”, which combines targeted tactics, techniques and procedures (TTPs) with ransomware in pursuit of large financial payoffs.
Breakout time – the time taken for adversaries to accomplish lateral movement in the victim environment – was also significantly faster for Russian adversaries (18 minutes) than for any other major nation-state or criminal actor. North Korea followed in second place, averaging two hours and 20 minutes.
As for China, CrowdStrike reported a significant increase in U.S. targeting; this is likely related to increased tensions between the two countries.
Entities in the government, defence, think tank and NGO sectors will continue to be the targets of these operations. These intrusions will likely be supported by the targeting of upstream providers in the telecommunications and technology sectors (mainly managed service providers), and may include supply chain compromises.