The recently released CrowdStrike 2021 Global Threat Report (GTR) provides a stark but comprehensive outline of the ongoing threat landscape facing modern cybersecurity professionals. Hot on the heels of “a year of hardship and grief for many,” CrowdStrike’s annual report offers information that will be critical to learning the lessons from 2020 and to protecting your data infrastructure in 2021.
Reflecting on 2020, CrowdStrike notes that the cybersecurity industry at large faced significant challenges in maintaining existing cybersecurity policies. With significant attacks on institutions and corporations, cybersecurity professionals developed new sets of best practices after learning harsh lessons.
CrowdStrike’s comprehensive and detailed account of both threats and best practices serves as an effective tool for building a cybersecurity plan in 2021. The report is divided into four main sections, and each is full of pertinent information that is well worth a deep dive as the threat landscape continues to evolve and present challenges.
Among the many features of the GTR is the new eCrime Index (ECX), which weighs various impacts of monitored observable incidents and actions. This index provides consumers with information on the state of underground economic activity, which has major bearings on the wider world economy. Needless to say, the ECX presents a useful metric before considering business decisions or when assessing the need for increased or enhanced cybersecurity.
However, all this is just the surface level. At the core of the report lies the most important information, which GovCyberHub believes to be critical to understanding the threat landscape of today.
Targeted Intrusions Against Healthcare
As the pandemic continued to slow down economic activity, the focus of many cyberattacks – particularly from state actors – shifted to acquiring information that has taken on new importance: vaccines. Specifically, the information to create and disseminate vaccines to a nation’s population. Worldwide, governments all struggled to find the means to research and produce viable vaccines, and – while some would turn to industry partners in healthcare – others would attempt to steal that information. Many are still trying.
COVID-19 vaccines are a high-priority target, according to CrowdStrike, which notes that there have been significant intrusions into healthcare networks. The perpetrators come from a variety of nations, but North Korea, Vietnam, Iran, Russia, and China are the main actors. Each nation challenged existing cybersecurity systems and succeeded with some regularity at acquiring the information they then leverage for use in their home nations’ COVID-19 response.
Before cybersecurity professionals in the healthcare industry can start to address the risks, they must understand the threat. CrowdStrike details each nation’s attacks and how they accessed sensitive, proprietary information in their report. Looking ahead, CrowdStrike cautions that vaccine rollout information will likely be a target for these actors. Cyber-criminals will likely utilize variations on existing COVID-19 themes in addition to fears of new variants to find exploitable entryways into systems.
SolarWinds Blew Down the Cyber-Wall
Dec. 13, 2020, is a date that will live in infamy among cybersecurity professionals. Following the public reporting of a sophisticated supply chain attack against SolarWinds Orion IT management software, malicious code was reported and observed by a large number of worldwide organizations. The adversary utilized backdoor access to disseminate their code, named Sunburst, to a variety of connected systems. Needless to say, the ramifications have yet to be fully understood.
What is known is that Sunburst has the ability to “collect information about the host, enumerate files and services on the system, make HTTP requests to arbitrary URLs, write/delete/execute arbitrary files, modify registry keys, terminate processes, and reboot the system.” With these capabilities in hand, the adversary can identify whether or not a relevant user, or system, can provide further access to targeted applications and data – and then begin the process of moving laterally across the network.
CrowdStrike’s Global Threat Report notes that supply chain attacks are nothing new, but that this hack has showcased significant vulnerabilities inherent to an incredibly large number of cybersecurity networks. Attacks like SolarWinds will continue in 2021, and with adversaries having access to numerous systems, CrowdStrike expects an increase in ransomware and mineware attacks in the threat landscape.
These represent only two of the most important findings of CrowdStrike’s Global Threat Report. To see the rest of the report and start building a better, more secure cybersecurity environment, click HERE to download a complimentary copy.