A view of the global threat landscape: Cybercrime and intrusion trends

Established and well-resourced cyber operations will continue to innovate, developing new methods of distributing crimeware and incorporating advanced tactics to infiltrate, disrupt and destroy systems, according to a new report by CrowdStrike.

“We’ve already seen cyber adversaries launch massive, destructive attacks that render organizations inoperable for days or weeks. Looking ahead, security teams will be under even more pressure to detect, investigate, and remediate breaches faster,” said Dmitri Alperovitch, CrowdStrike’s CTO.

Key findings

• Based on observed incidents, the 2018 CrowdStrike Global Threat Report established that the average “breakout time” in 2017 was one hour and 58 minutes. Breakout time indicates how long it takes for an intruder to jump off the initial system they had compromised and move laterally to other machines within the network.
• In 2017, 39 percent of all observed attacks constituted malware-free intrusions that were not detected by traditional antivirus, with the manufacturing, professional services and pharmaceutical industries facing the most malware-free attacks.
• The propagation of advanced exploits has blurred the lines between statecraft and tradecraft, evolving the threat landscape beyond the defense capabilities of conventional security measures.
• Extortion and weaponization of data have become mainstream among cybercriminals, heavily impacting government and healthcare, among other sectors.
• Nation-state-linked attacks and targeted ransomware are on the rise and could be used for geopolitical and even militaristic exploitation purposes.
• Supply chain compromises and crypto fraud and mining will present new attack vectors for both state-sponsored and eCrime actors.

“Today, the lines between nation-states and eCrime actors are increasingly blurring, elevating the sophistication of threats to a new level. Actionable threat intelligence and real-time threat data are crucial in empowering better security and executive decisions,” said Adam Meyers, vice president of Intelligence at CrowdStrike. “With the Global Threat Report, public and private sector organizations can be better informed about the employed tactics, techniques, and procedures (TTPs) and properly allocate the defenses and resources necessary to protect assets that are most at risk.”