CrowdStrike has released an annual report that reviews intrusion trends during the first half of 2020 and provides insights into the current landscape of adversary tactics, which has been heavily impacted this year by the remote workforce environment of COVID-19.
The report also includes recommendations for defending against the prevalent tools, techniques and procedures (TTPs) utilized by threat actors.
“Just like everything this year, the threat landscape has proven unpredictable and precarious as eCrime and state-sponsored actors have opportunistically taken aim at industries unable to escape the chaos of COVID-19, demonstrating clearly how cyber threat activity is intrinsically linked to global economic and geo-political forces,” said Jennifer Ayers, VP of OverWatch and Security Response at CrowdStrike.
“OverWatch threat hunting data demonstrates how adversaries are keenly attuned to their victim’s environment and ready to pivot to meet changing objectives or emerging opportunities. For this reason, organizations must implement a layered defense system that incorporates basic security hygiene, endpoint detection and response (EDR), expert threat hunting, strong passwords and employee education to properly defend their environments.”
First half of 2020 hands-on-keyboard intrusion activity surpasses all of 2019
The first half of 2020 saw an explosion in hands-on-keyboard intrusions, with the count already surpassing the total seen throughout all of 2019.
This significant increase is driven primarily by the continued acceleration of eCrime activity, but the pandemic has also contributed: it expanded the attack surface as organizations rapidly adopted remote workforces, and it gave adversaries opportunities to exploit public fear through COVID-19-themed social engineering.
eCrime continues to increase in volume and reach
Sophisticated eCrime activity continues to outpace state-sponsored activity, extending an upward trend witnessed over the past three years, and accounts for over 80% of interactive intrusions.
This does not indicate a reduction in nation-state activity, but rather reflects the extraordinary success threat actors have seen with targeted intrusions using ransomware and Ransomware-as-a-Service (RaaS) models, which have contributed to a proliferation of activity from a wider array of eCrime actors.
Targeting of the manufacturing sector increases dramatically
Activity in the manufacturing sector escalated sharply in the first half of 2020, in both the quantity and the sophistication of intrusions by eCriminals and nation-states alike, making it the second most targeted vertical observed by OverWatch.
Healthcare and food and beverage also saw increased targeting, suggesting that adversaries have adjusted their targets to the shifting economic conditions resulting from the pandemic, focusing on industries made vulnerable by complex operating environments that experienced sudden changes in demand.
China continues its aim at telecommunications companies
The telecommunications industry continues to be a popular target for nation-states, specifically China. Six different China-based actors, whose motivations are likely associated with espionage and data theft objectives, conducted campaigns against telecommunications companies in the first half of the year.