With todays modern threats how do you ensure you have transparency of your entire network?
In CrowdStrike’s latest report titled, “The 2021 Global Threat Report”, their Intelligence team highlight the most significant events and trends that occurred in cyber threat activity in the past year.
The world we live in changed during 2020 as every country tried to contain the aftermath of COVID-19. We saw a significant impact where cyber-attacks and eCrime intrusions increased as we moved en masse to remote working models.
As millions of workers went to work in ill-equipped home offices, many opportunities for cyber predators to easily access sensitive data and networks of staff now working remotely were created.
The fear and concern around COVID-19 provided the perfect cover for a major increase in social engineered attacks by eCrime actors and targeted intrusion adversaries. Both eCrime and targeted intrusion adversaries multiplied their efforts by deploying a variety of inventive new methods to evade detection and defence.
During 2020, CrowdStrike’s Intelligence team also observed repeated exploitation of several different VPN services and web applications.
The report revealed that O365 was a consistent target, along with the deployment of the SUNBURST backdoor, and the StellarParticle actors who demonstrated exceptional knowledge of Microsoft O365 and the Azure environment.
CrowdStrike’s team discussed how the growth in intrusion numbers has been driven in large part by the proliferation of eCrime activity – making up 79% of all attributable intrusions uncovered by OverWatch in 2020.
The 2021 report uncovers trends in eCrime phishing – where social engineering techniques were frequently used by criminally motivated threat actors to tailor phishing campaigns, malspam emails and fraudulent scams.
The COVID-19 pandemic provided criminal actors with a unique opportunity to use lure content and social engineering techniques targeting human emotions and behaviours such as greed, curiosity, fear and the desire to help.
Industries targeted during 2020
CrowdStrike Intelligence identified both eCrime and targeted intrusion adversaries specifically attacking the healthcare sector throughout the pandemic.
During the pandemic, the healthcare sector proved to be a controversial target among BGH operators (BHG is an Australian private equity firm called BGH Capital Fund)
Some adversaries — including TWISTED SPIDER, VIKING SPIDER, GRACEFUL SPIDER and TRAVELING SPIDER — publicly announced intentions to avoid targeting frontline healthcare entities.
Others, including the DOPPEL SPIDER, said that any unintentional infections against a healthcare provider would be quickly resolved by providing decryption keys without requiring payment.
The CrowdStrike Intelligence team identified the highest number of ransomware-associated data extortion operations in the industrial and engineering sectors (with 229 incidents), closely followed by the manufacturing sector (with 228 incidents) as manufacturers were particularly vulnerable to ransomware operations.
During the last year, targeted intrusion actors from China, Russia, Iran, North Korea, India, Pakistan and Vietnam pursued actions on objectives likely related to strategic national security and espionage priorities dictated by their respective states.
Report Takeaways
Recommendations for the 2021 Global Threat Report
The Enablis security team work closely with CrowdStrike to offer specialist security services to protect your business, data and staff from attacks – If you have any questions about Security or are interested in discussing your security framework in more detail, please contact one of the Enablis Security experts via: 1300 887 664 or your Account Manager directly.
To download the full report click here