A larger proportion of cyberattacks in the first half of 2019 can be attributed to electronic criminals (eCrime adversaries) compared to state-sponsored or unidentified attacks. CrowdStrike, a cybersecurity company that provides the CrowdStrike Falcon endpoint protection platform, observes that 61% of targeted cybersecurity campaigns in the first half of 2019 were sourced from eCrime adversaries, compared to 39% from other sources.


The eCrime portion more than doubled since 2018, reflecting an escalation of criminal players in search of more and larger payouts. The trend is among the information presented in CrowdStrike’s Overwatch 2019 Mid-Year Report: Observations from the Front Lines of Threat Hunting. Falcon OverWatch is the CrowdStrike-managed threat hunting service built on the CrowdStrike Falcon platform.

Technology was the top vertical market targeted by cyber-attacks in the first half of the year, followed by telecommunications and non-governmental organisations (including think tanks). Other targets (in decreasing order) were retail, financial, manufacturing, transportation and logistics, gaming, entertainment and engineering. Hospitality disappeared from the list so far this year, although Crowdstrike expects an increase in intrusions aimed at the hospitality industry to put it back in the top 10 by the end of the year.

Intrusion adversaries

In terms of intrusion adversaries, the top players so far in 2019 are Spiders (eCrime) and Pandas (China). Regarding initial access techniques, the most common remain, in order of prevalence, valid accounts, spear-phishing and exploitation of public-facing applications.

2019 is proving to be an active year, with a significant increase in eCrime and in the inter-relationships across different groups as they strengthen their organisations, forge alliances and expand their footprint.

Need for a proactive security posture


Many of the techniques used by eCrime actors are easily defensible through strong security products and a proactive security posture, says CrowdStrike, which recommends the following measures to help maintain strong defense in 2019:

  • Be attentive to basic hygiene such as user awareness, asset and vulnerability management, and secure configurations, which form the foundation for a strong cybersecurity program.
  • User awareness programs can combat the continued threat of phishing and related social engineering techniques.
  • Asset management and software inventory ensure that an organisation understands its footprint and exposure.
  • Vulnerability and patch management can verify that known vulnerabilities and insecure configurations are identified, prioritised and remediated.
  • Multifactor authentication (MFA) should be established for all users because today's attackers are adept at accessing and using valid credentials.
  • A robust privileged access management process will limit the damage adversaries can do if they get in and reduce the likelihood of lateral movement.
  • Password-protecting endpoint protection agents prevents them from being disabled or uninstalled, preserving the critical prevention and visibility they provide for defenders.

Countering sophisticated cyber attacks


As sophisticated attacks continue to evolve, enterprises face more than a "malware problem." Defenders should look for early warning signs that an attack may be underway, such as code execution, persistence, stealth, command and control, and lateral movement within a network.
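One of the warning signs named above, lateral movement, can be surfaced with a simple hunting heuristic: a single account from a single source host authenticating to many distinct hosts in a short window. The script below is an added illustration written for this article, not code from CrowdStrike or from the OverWatch report; the logon records it reads are constructed and the simplified "timestamp account source destination" format, the five-minute window and the four-host threshold are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of network-logon records (not real telemetry):
# timestamp, account, source host, destination host. In a Windows estate the
# equivalent raw data would be Security event 4624 with logon type 3.
SAMPLE_LOGONS = """\
2019-06-12T09:00:05 jdoe WS-104 FS-01
2019-06-12T09:03:10 jdoe WS-104 FS-01
2019-06-12T10:15:00 svc-backup BK-01 FS-01
2019-06-12T10:15:04 svc-backup BK-01 FS-02
2019-06-12T10:15:09 svc-backup BK-01 DB-01
2019-06-12T10:15:13 svc-backup BK-01 WS-220
2019-06-12T10:15:20 svc-backup BK-01 WS-221
2019-06-12T11:40:00 asmith WS-077 PRINT-01
"""


def parse_logons(text):
    """Parse whitespace-separated records into (time, account, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), account, src, dst))
    return events


def find_fan_out(events, window=timedelta(minutes=5), min_hosts=4):
    """Flag (account, source) pairs that reach at least min_hosts distinct
    destinations inside any sliding time window of the given length.

    The heuristic is deliberately simple: one source authenticating to many
    hosts in quick succession is an early warning sign of lateral movement,
    but legitimate scanners and backup jobs behave the same way, so each
    finding is a lead for a threat hunter to investigate, not a verdict.
    """
    by_pair = defaultdict(list)
    for ts, account, src, dst in events:
        by_pair[(account, src)].append((ts, dst))

    findings = []
    for (account, src), recs in by_pair.items():
        recs.sort()
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until the window fits.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            hosts = {dst for _, dst in recs[start:end + 1]}
            if len(hosts) >= min_hosts:
                findings.append({
                    "account": account,
                    "source": src,
                    "hosts": sorted(hosts),
                    "first": recs[start][0],
                    "last": recs[end][0],
                })
                break  # one finding per (account, source) pair is enough
    return findings


if __name__ == "__main__":
    for f in find_fan_out(parse_logons(SAMPLE_LOGONS)):
        print(f"{f['account']}@{f['source']} reached {len(f['hosts'])} hosts "
              f"between {f['first'].time()} and {f['last'].time()}: "
              f"{', '.join(f['hosts'])}")
```

Run against the constructed records, only the `svc-backup` account from `BK-01` trips the threshold; the two ordinary users touch a single host each. In practice the threshold and window are tuned per environment, and known scanners and backup sources are allow-listed before the output is routed to a hunter.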

Contextual and behavioral analysis, when delivered in real time via machine learning and artificial intelligence, effectively detects and prevents attacks that conventional "defense-in-depth" technologies cannot address.

"1-10-60 rule" in combating advanced cyber threats

CrowdStrike recommends that organisations pursue a "1-10-60 rule" in order to effectively combat sophisticated cyberthreats. That is, they should seek to detect intrusions in under one minute, perform a full investigation in under 10 minutes, and eradicate the adversary from the environment in under 60 minutes.
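To make the rule measurable, a security team needs incident timestamps for each milestone and a way to score them against the three targets. The script below is an added example written for this article, not CrowdStrike code or a published metric definition; it assumes that all three targets are measured cumulatively from the first observed adversary activity (the article does not state how the clock is started), and the incidents it scores are constructed.

```python
from dataclasses import dataclass
from datetime import datetime

# Targets from the "1-10-60 rule", in minutes. Assumption (not stated in the
# article): each phase is measured from the first observed adversary activity,
# so the targets are cumulative rather than per-phase.
TARGETS_MIN = {"detect": 1, "investigate": 10, "eradicate": 60}


@dataclass
class Incident:
    name: str
    first_activity: datetime  # earliest adversary action found in telemetry
    detected: datetime        # alert raised and triaged as a true positive
    investigated: datetime    # scope, entry point and affected hosts understood
    eradicated: datetime      # adversary access removed from the environment


def phase_minutes(inc):
    """Elapsed minutes to each milestone, measured from first adversary activity."""
    def mins(t):
        return (t - inc.first_activity).total_seconds() / 60
    return {
        "detect": mins(inc.detected),
        "investigate": mins(inc.investigated),
        "eradicate": mins(inc.eradicated),
    }


def evaluate(inc):
    """True for each phase whose elapsed time is within its 1-10-60 target."""
    elapsed = phase_minutes(inc)
    return {phase: elapsed[phase] <= limit for phase, limit in TARGETS_MIN.items()}


def summarize(incidents):
    """Share of incidents meeting each target, plus the slowest time per phase,
    which is what a programme owner would track quarter over quarter."""
    met = {phase: 0 for phase in TARGETS_MIN}
    worst = {phase: 0.0 for phase in TARGETS_MIN}
    for inc in incidents:
        elapsed = phase_minutes(inc)
        for phase, ok in evaluate(inc).items():
            met[phase] += int(ok)
            worst[phase] = max(worst[phase], elapsed[phase])
    n = len(incidents)
    return {
        "met_fraction": {phase: met[phase] / n for phase in TARGETS_MIN},
        "worst_minutes": worst,
    }


def _t(s):
    return datetime.fromisoformat(s)


# Constructed sample incidents (not drawn from the report).
SAMPLE_INCIDENTS = [
    Incident("INC-1", _t("2019-05-02T10:00:00"), _t("2019-05-02T10:00:45"),
             _t("2019-05-02T10:08:00"), _t("2019-05-02T10:50:00")),
    Incident("INC-2", _t("2019-05-09T14:00:00"), _t("2019-05-09T14:03:00"),
             _t("2019-05-09T14:25:00"), _t("2019-05-09T15:30:00")),
    Incident("INC-3", _t("2019-06-20T02:00:00"), _t("2019-06-20T02:00:30"),
             _t("2019-06-20T02:12:00"), _t("2019-06-20T02:55:00")),
]

if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        print(inc.name, {k: round(v, 1) for k, v in phase_minutes(inc).items()},
              evaluate(inc))
    print(summarize(SAMPLE_INCIDENTS))
```

Scoring each phase separately is the useful part: in the constructed data INC-3 is detected within the minute and eradicated within the hour but misses the 10-minute investigation target, which points at an analysis bottleneck rather than a visibility gap, and that is exactly the kind of distinction the rule is meant to expose.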

A source at CrowdStrike said "Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action."


Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SourceSecurity.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SourceSecurity.com's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.
