The 2021 Global Threat Report reveals today’s latest threats and attacks

With todays modern threats how do you ensure you have transparency of your entire network?

In CrowdStrike’s latest report titled, “The 2021 Global Threat Report”, their Intelligence team highlight the most significant events and trends that occurred in cyber threat activity in the past year.

The world we live in changed during 2020 as every country tried to contain the aftermath of COVID-19. We saw a significant impact where cyber-attacks and eCrime intrusions increased as we moved en masse to remote working models.

As millions of workers went to work in ill-equipped home offices, many opportunities for cyber predators to easily access sensitive data and networks of staff now working remotely were created.

The fear and concern around COVID-19 provided the perfect cover for a major increase in social engineered attacks by eCrime actors and targeted intrusion adversaries. Both eCrime and targeted intrusion adversaries multiplied their efforts by deploying a variety of inventive new methods to evade detection and defence.

During 2020, CrowdStrike’s Intelligence team also observed repeated exploitation of several different VPN services and web applications.

The report revealed that O365 was a consistent target, along with the deployment of the SUNBURST backdoor, and the StellarParticle actors who demonstrated exceptional knowledge of Microsoft O365 and the Azure environment.

CrowdStrike’s team discussed how the growth in intrusion numbers has been driven in large part by the proliferation of eCrime activity – making up 79% of all attributable intrusions uncovered by OverWatch in 2020.

The 2021 report uncovers trends in eCrime phishing – where social engineering techniques were frequently used by criminally motivated threat actors to tailor phishing campaigns, malspam emails and fraudulent scams.

The COVID-19 pandemic provided criminal actors with a unique opportunity to use lure content and social engineering techniques targeting human emotions and behaviours such as greed, curiosity, fear and the desire to help.

Industries targeted during 2020

CrowdStrike Intelligence identified both eCrime and targeted intrusion adversaries specifically attacking the healthcare sector throughout the pandemic.

During the pandemic, the healthcare sector proved to be a controversial target among BGH operators (BHG is an Australian private equity firm called BGH Capital Fund)

Some adversaries — including TWISTED SPIDER, VIKING SPIDER, GRACEFUL SPIDER and TRAVELING SPIDER — publicly announced intentions to avoid targeting frontline healthcare entities.

Others, including the DOPPEL SPIDER, said that any unintentional infections against a healthcare provider would be quickly resolved by providing decryption keys without requiring payment.

The CrowdStrike Intelligence team identified the highest number of ransomware-associated data extortion operations in the industrial and engineering sectors (with 229 incidents), closely followed by the manufacturing sector (with 228 incidents) as manufacturers were particularly vulnerable to ransomware operations.

During the last year, targeted intrusion actors from China, Russia, Iran, North Korea, India, Pakistan and Vietnam pursued actions on objectives likely related to strategic national security and espionage priorities dictated by their respective states.

Report Takeaways

• In 2021, adversaries employing BGH operations will continue to investigate methods to maximize their impact on targets, likely including custom development to support non-traditional targets within an organization.
• eCrime and targeted intrusion adversaries will continue to develop and implement new methods to bypass detection and impede analysis by researchers.
• The eCrime and targeted intrusion adversaries are sure to include improved obfuscation methods, use of commodity tooling and living-off-the-land techniques.
• In 2020, CrowdStrike observed adversaries exploiting the COVID situation, preying on the public’s fear and escalating attacks.
• If you cannot see it, you can’t protect it. For security teams operating in today’s environment, visibility and speed are critical for blocking attackers that have the capability and intent to steal data and disrupt operations.
• Its business critical to protect identities and access. Organisations must consider multifactor authentication (MFA) on all public-facing employee services and portals as mandatory.
• In addition to MFA, a robust privilege access management process will limit the damage adversaries can do if they get in.
• Zero Trust solutions should be implemented to compartmentalize and restrict data access, thus reducing the potential damages from unauthorized access to sensitive information.
• Invest in expert threat hunting. Interactive attacks use stealthy or novel techniques designed to bypass automated monitoring and detection. Continuous threat hunting is the best way to detect and prevent sophisticated or persistent attacks.

Recommendations for the 2021 Global Threat Report

1. You can get ahead of attackers with threat intelligence.
2. A human being is behind every attack so threat intelligence will help you understand an attacker’s motivation, skills and tradecraft so you can use this knowledge to your advantage to prevent, and even predict, future attacks on your business
3. Make sure you have a current cybersecurity policy that accounts for remote working. Security policies need to include access management for remote workers, the use of personal devices, and updated data privacy considerations for employee access to documents and other information.
4. Create a culture of cybersecurity. While technology is clearly critical in the fight to detect and stop intrusions, the end user remains a crucial link in the chain to stop breaches. User awareness programs should be initiated to combat the continued threat of phishing and related social engineering techniques.

The Enablis security team work closely with CrowdStrike to offer specialist security services to protect your business, data and staff from attacks – If you have any questions about Security or are interested in discussing your security framework in more detail, please contact one of the Enablis Security experts via: 1300 887 664 or your Account Manager directly.

To download the full report click here