2020 has presented a host of difficulties, from the ongoing pandemic, to hurricanes, to an intense wildfire season. But natural disasters and pandemics weren’t the only threats to government organizations this year: a very real man-made threat, e-Crime, also increased in frequency in 2020. According to cybersecurity powerhouse CrowdStrike, e-Crime has become a predominant threat to our agencies and organizations, outpacing state-sponsored intrusions by over 60 percent.
CrowdStrike released its 2020 Threat Hunting Report in time for October’s Cybersecurity Awareness Month. In 2019, state-sponsored cyber-attacks represented 31 percent of intrusions. In the first 6 months of 2020, e-Crime intrusions skyrocketed to 82 percent of cyber intrusions. Driven by the COVID-19 pandemic, healthcare, manufacturing, and supply-chain based industries were top targets. But government agencies also saw more than a 5 percent increase in attacks.
The CrowdStrike report highlights key sources of cyber threats like North Korea’s CHOLLIMAS, Iran’s KITTENS, and the non-state-sponsored e-Crime group SPIDERS. The SPIDERS group had significant impact across most sectors, and especially within governmental agencies.
Activity from the SPIDERS group significantly increased this year, due in large part to the response to the COVID-19 pandemic. According to CrowdStrike, “…adversaries gain access using stolen credentials to connect via exposed Remote Desktop Protocol (RDP) services. This is a threat potentially facing many organizations that rapidly enabled a workforce as the COVID-19 pandemic hit.”
To combat this increased threat to RDP infrastructure, CrowdStrike suggests that, “Organizations…review any new infrastructure and remote work security policies as a priority,” and advises that, “The best way to mitigate against this threat is to not expose RDP to the internet.” If an organization needs to keep RDP online, consistent monitoring for unusual behavior is necessary.
The current threat landscape makes continuous cyber analysis of our agencies’ security framework an absolute necessity. “By using legitimate tools already installed on the victim host, malicious activity can be hidden in plain sight,” the report illustrates. The unpredictability of cybersecurity threats, with e-Crime’s rise to prominence, should cause our organizations to review policies, infrastructure, and especially our remote workforce security frequently.
Our cybersecurity efforts cannot remain static because the adversary cabal is far from static. The report makes it clear that “criminally motivated adversaries are employing more sophisticated methods when trying to understand their victims and evade defense – in contrast to the ‘smash and grab’ attacks seen more commonly in past years.”
Illustrating the point, CrowdStrike identified that twenty-seven industry verticals fell victim to e-Crime intrusion in the first half of 2020. In all of 2019, fewer than half that number of industries were victimized. State-sponsored cyber activity did not dissipate either. We can assume that e-Crime and state-sponsored cyber threats will only continue to increase.
With over 40,000 cyber intrusions in the first half of 2020 alone, and the new reality of a significant remote workforce and education, it is anticipated that the threat of cyber intrusions will continue to grow and adapt. Our agencies therefore need to adapt continuously in order to protect our constituents and meet the needs of today’s challenging cyber landscape.