CrowdStrike Inc., the developer of cloud-delivered endpoint protection solutions, announced the release of the 2021 CrowdStrike Global Threat Report. The report's findings show that during 2020, supply chain attacks, ransomware, data extortion, and nation-state threats proved more prolific than ever. The report also documents rising ransom demands from various eCrime actors, adding that eCrime attacks made up 79% of all intrusions conducted through hands-on-keyboard activity.
CrowdStrike stated that the supply chain is the most targeted vector for threat actors, as it allows them to penetrate multiple targets from a single intrusion. Threat actors have improved their strategies to evade detection and blend into networks to perform data exfiltration, enabling the weaponization of sensitive data through threats of leaking proprietary information.
- The health care sector will continue to face significant threats from criminal groups as CrowdStrike Intelligence confirmed 18 Big Game Hunting enterprise ransomware families infected 104 health care organizations in 2020.
- Adversaries from the Democratic People’s Republic of Korea (DPRK) will be motivated to enhance cyber operations in 2021 due to COVID-19 and a resulting food shortage.
- Data extortion techniques will continue to accelerate through the introduction of Dedicated Leak Sites (DLS).
- China will focus on supply chain compromises and the targeting of key western verticals, including academic, health care, technology, manufacturing, and aerospace, in support of the 14th Five Year Plan and the COVID-19 vaccine.
CrowdStrike’s eCrime Index
Due to the unprecedented rise in eCrime, CrowdStrike has introduced a new eCrime Index (ECX) along with the 2021 CrowdStrike Global Threat Report. The ECX shows the strength, volume, and sophistication of the cybercriminal market, and is updated weekly in real time based on 18 unique indicators of criminal activity.
“There is a human being behind every attack, and cyber actors are getting bolder and more astute day-to-day. As such, it is critical to employ comprehensive cloud-native technology for increased visibility and prevention capabilities including threat intelligence and expert threat hunting to stay one step ahead of modern-day attacks. Additionally, today’s rapidly changing remote work environment highlights that identity protection is central to the defense of any enterprise’s infrastructure. Organizations must take decisive action to control access and protect data to outmaneuver adversaries,” said Adam Meyers, senior vice president of intelligence at CrowdStrike.
CrowdStrike’s “1-10-60” Rule
Preventing threats from sophisticated nation-state and eCrime adversaries requires a mature process that can prevent, detect, and respond to threats with speed and agility. CrowdStrike recommends organizations pursue the “1-10-60 rule” to effectively thwart cyberthreats.
The 1-10-60 rule recommends that organizations:
- Detect intrusions in under one minute.
- Investigate in 10 minutes.
- Contain and eliminate the adversary in 60 minutes.
Organizations that meet this benchmark are much more likely to eradicate the adversary before an attack spreads from its initial entry point, ultimately minimizing organizational impact.