In a trend that may not surprise anyone who has been watching the news, ransomware attacks and phishing attempts continued in the first half of 2019 the rise in popularity that they enjoyed in 2018. Much of this increase in activity can be attributed to the increased sophistication of malicious actors, and their improved ability to score large paydays from targeted cyberattacks.
This information comes courtesy of the new 2019 Mid-Year Report from OverWatch, the managed threat hunting service of global cybersecurity firm CrowdStrike.
The Mid-Year Report, which provides a summary of the service’s threat hunting findings from the first half of the year, found that in 2019, “…targeted eCrime campaigns increased over 2018 as a result of eCrime actors continuing to mature their ability to provide commercial access to their tactics, techniques and procedures…”
OverWatch is uniquely qualified to identify cyberattack trends. Its mission includes hunting for sophisticated or persistent adversaries targeting the networks of CrowdStrike customers. The Mid-Year Report reviews intrusion trends during the first half of the year and works to provide readers with insights into the current adversary landscape.
The new Mid-Year Report paints a detailed portrait of a threat landscape that’s ramping up attacks against enterprises – or “Big Game Hunting” activities – in an attempt to elicit financial gain. In fact, the report found that, “61 percent of targeted campaigns in the first half of 2019 were sourced from eCrime adversaries, more than double the proportion observed in 2018.”
How are these attacks being perpetrated? In that area, not much has changed over the past year. According to OverWatch, the initial access techniques being employed in the first half of 2019 mirror what the service saw in 2018 and, “In order of prevalence they include the use of valid accounts, spear-phishing and exploitation of public-facing applications.”
Once inside, OverWatch found that malicious actors work to disable security tools and then establish redundant access. This often involves the use of valid accounts to access compromised endpoints, and then attempting to install implants of various types – including dormant backdoors – to maintain a strong foothold in the network. For this reason, it remains essential that organizations and government entities that may have been compromised continue to monitor their network and engage in active threat hunting, even following a remediation.
The news has been fraught with a number of high-profile ransomware attacks against government agencies and even healthcare organizations in the past few months. These organizations are being compromised, locked out of their systems or data and then extorted for large cash payments to have their access restored. With large payments repeatedly being made to these eCrime perpetrators, it’s no surprise that the attacks are increasing in frequency, which makes it more essential than ever that government agencies and entities protect themselves.
One of the best ways to protect your organization is to understand the full scope of the threat you’re facing. To download a copy of the 2019 Mid-Year Report and learn more about the threat landscape in 2019, click here.