Over the course of 2019, 36% of the incidents that CrowdStrike investigated were caused by ransomware, destructive malware or denial-of-service attacks, revealing that business disruption was often the main objective of the attackers.
Another notable finding in the new CrowdStrike Services Report shows a large increase in dwell time to an average of 95 days in 2019 — up from 85 days in 2018 — meaning that adversaries were able to hide their activities from defenders for longer, and that organizations still lack the technology necessary to harden network defenses, prevent exploitation and mitigate cyber risk.
Business disruption as primary attack objective
- Third-party compromises serve as a force multiplier for attacks. Threat actors are increasingly targeting third-party service providers to compromise their customers and scale attacks.
- Attackers are targeting cloud infrastructure as a service (IaaS). Threat activity around API keys for public cloud-based infrastructure has become more targeted as attackers increase their ability to rapidly and systematically harvest information assets.
- Macs are now clearly in the crosshairs of the cyber fight. Threat actors are increasingly targeting macOS environments, “living off the land” with native applications and capitalizing on the fact that macOS hosts typically have fewer security tools deployed than the Windows systems in the same organization.
- Patching remains a problem. Basic hygiene still matters, and even though organizations have gotten better at patching, the factors that make patching a challenge have become more complex.
- How prevention is configured impacts its effectiveness. The report finds that many organizations fail to leverage the capabilities of the tools they already have. The failure to enable critical settings not only leaves organizations vulnerable but also gives them a false sense of security.
The report found that organizations that meet the 1-10-60 benchmark — detect an incident in one minute, investigate in 10 minutes and remediate within an hour — are improving their chances of stopping cyber adversaries. However, the report also found that the vast majority of organizations struggle to meet the 1-10-60 standard.
Beyond the 1-10-60 benchmark, the report offers guidance on remaining protected against today’s ever-evolving threat landscape, including integrating next-generation endpoint security tools and proactive strategies to strengthen cyber posture. Innovative tools and tactics such as machine learning, behavioral analytics and managed threat hunting teams help uncover cyber criminal behavior and motivations, while also preventing incidents from turning into breaches.
“Strong cybersecurity posture ultimately lies within technology that ensures early detection, swift response and fast mitigation to keep adversaries off networks for good,” said Shawn Henry, CSO and president of CrowdStrike Services.