'Malware-free' attacks now most popular tactic among cyber-criminals

The telecommunications industry also saw increased attacks from threat actors such as those from China and North Korea, which targeted the sector for its intellectual property and competitive intelligence. 
Malware-free tactics accounted for 51% of attacks in 2019, compared to 40% just the year before, though this figure was significantly driven by a sharp increase of such attacks targeting North America. Some 74% of attacks in the region were malware-free, while such techniques accounted for 25% of attacks targeting Indo-Pacific, according to CrowdStrike's Global Threat Report 2020.
With cybercriminals taking less and less time to break into corporate systems, enterprises will have to tap artificial intelligence and machine learning tools to bolster their ability to defend against attacks and beef up their network resilience.
The annual report's assessment of the threat landscape is based on CrowdStrike's analysis of data collected from more than 3 trillion events per week across 176 countries, consultation with its intelligence team, which tracks 131 adversaries including nation-state and hacktivist actors, and with its Falcon OverWatch threat hunters, and findings from its incident response investigations in 2019.
The increasing popularity of malware-free attacks underscored the need for organisations not to rely on antivirus tools, said CrowdStrike. The security vendor defined malware-free attacks as those in which files or file fragments were not written to disk. These could be attacks where code executed from memory or where stolen credentials were used to enable remote logins. It added that malware-free attacks typically required various detection techniques to identify and intercept, such as behavioural detection and human threat hunting.
The 2020 threat report also noted more incidents of ransomware and ransom demands from cybercriminals who, increasingly, had conducted data exfiltration, enabling them to exploit sensitive data that was proprietary or potentially embarrassing for victims.
In addition, nation-state adversaries last year targeted a range of industries, but were especially interested in the telecommunications sector, which saw increased attack frequency from nations such as China and North Korea, noted CrowdStrike. State actors from China, in particular, were keen to target the industry in a bid to steal intellectual property and competitive intelligence, said the US security vendor. 
Furthermore, China's state actors continued to focus on supply chain compromises, "demonstrating the nation-state's continued use of this tactic to identify and infect multiple victims", CrowdStrike said. The vendor added that these hackers also targeted other US industries deemed critical to China's strategic interests, including clean energy, healthcare, biotechnology, and pharmaceuticals. It said such attacks were likely to continue. 
The report also pointed to North Korea's interest in cryptocurrency exchanges, which it suggested facilitated espionage-focused efforts that aimed to gather data on users or cryptocurrency operations and systems. CrowdStrike added that North Korea might be looking to develop its own cryptocurrency to further circumvent trade sanctions.
However, cyber adversaries took longer to break into and move laterally within a network, requiring nine hours to do so, compared to 4 hours and 37 minutes in 2018. This longer "breakout time", as CrowdStrike termed it, was reflective of a significant increase in cybercriminal attacks, which the security vendor said typically had longer breakout times compared to attacks launched by nation-state adversaries.
It further stressed the need for organisations to still focus on increasing their speed in identifying and addressing attacks, as nation-state activities last year did not show major changes in breakout times.
Source: By for By The Way |