A research report from CrowdStrike Inc., the developer of cloud-delivered endpoint protection solutions, revealed that eCrime activities and other malicious actions of state-sponsored actors have increased during the first half of 2020. The “2020 Threat Hunting Report: Insights from the CrowdStrike OverWatch Team” highlighted the intrusion trends and insights into the current landscape of adversary tactics.
The CrowdStrike OverWatch Team stated that they observed an upsurge in hands-on-keyboard intrusions in H1 2020 that has already surpassed the total reported intrusions in 2019. The sudden increase in cyberthreats is primarily due to the continued acceleration of eCrime activity, which exploits public fear through COVID-19-themed social engineering techniques.
- Sophisticated eCrime activity continues to outpace state-sponsored activity, an upward trend that OverWatch has witnessed over the past three years, accounting for over 80% of interactive intrusions.
- However, this does not indicate a reduction in nation-state activity, but rather reflects the extraordinary success threat actors have seen with targeted intrusions using ransomware and Ransomware-as-a-Service (RaaS) models, which have contributed to a proliferation of activity from a wider array of eCrime actors.
- There was a sharp escalation of activity in the manufacturing sector in the first half of 2020, in terms of both the quantity and sophistication of intrusions from eCriminals and nation-states alike, making it the second most targeted vertical observed by OverWatch.
- Health care, food, and beverage industries also saw increased targeting, suggesting that adversaries have adjusted their targets to the shifting economic conditions resulting from the pandemic, focusing on industries made vulnerable by complex operating environments that experienced sudden changes in demand.
- The telecommunications industry continues to be a popular target for nation-states, specifically China. OverWatch observed six different China-based actors, whose motivations are likely associated with espionage and data theft objectives, conducting campaigns against telecommunications companies in the first half of the year.
Jennifer Ayers, Vice President of OverWatch and Security Response, said, “Just like everything this year, the threat landscape has proven unpredictable and precarious as eCrime and state-sponsored actors have opportunistically taken aim at industries unable to escape the chaos of COVID-19, demonstrating clearly how cyber threat activity is intrinsically linked to global economic and geo-political forces. OverWatch threat hunting data demonstrates how adversaries are keenly attuned to their victim’s environment and ready to pivot to meet changing objectives or emerging opportunities.”
It is time for organizations to implement a layered defense mechanism that incorporates endpoint detection and response (EDR), threat hunting, password management, and employee awareness to enhance their cybersecurity posture.