These were the trends in cyberattacks in 2018
The number of destructive cyberattacks continued to increase in 2018. Criminal hacker groups have become more effective, operating freely across geographies and industries. They are relentless in their search for gaps in organizations' IT infrastructure, and where a gate is open, they seize the opportunity. Their goals are geopolitical or financial.
Cybersecurity company CrowdStrike analyzed a large body of security-related data from 2018 in its latest report, the Cyber Intrusion Casebook. The report summarizes the challenges organizations and businesses face and how they can better prepare for the next wave of attacks. Four main trends in cyberattacks and attack methods can be identified:
1. E-crime actors are using increasingly creative techniques to monetize their attacks.
The innovation of attackers and the sophistication of e-crime actors are not diminishing. The hostile ecosystem continues to evolve, and actors who used to work discreetly and in isolation now coordinate and join forces. In 2018, for example, users of business email addresses felt this repeatedly. The report came across cases that went far beyond simply reading emails: the attackers could watch live as the emails were written and sent.
2. Attackers strike quickly and deeply
Attackers are patient when it comes to achieving their goals: they get into systems quickly and become active quickly, but when it counts, they muster enormous patience. State-sponsored attackers are particularly persistent and resourceful in their search for high-value data in the target organization.
As in previous years, uncritical reliance on legacy tools gave attackers the opportunity to linger in systems for an extended period of time. Often, for example, a company believed the incident was resolved, but the attacker remained hidden or was quickly back.
Organizations often migrated their data to the cloud expecting the cloud service providers to have security mechanisms and controls in place. Whether the providers had configured and applied those controls correctly, the organizations had no way of knowing. Simple misconfigurations and misunderstandings of access controls allow hackers to gain access to an organization, simply through the cloud provider.
3. Commodity malware is often a precursor to a highly disruptive attack
Access gained with commodity malware (malicious code that affects software used on a variety of devices) is increasingly sold to other actors. They then deploy ransomware, steal intellectual property, or initiate cryptomining, fraud, and extortion. For example, attackers were observed using a malware family called TrickBot, only to pass on the access gained with it to other hostile groups, who then launched extortion attacks. This method has even been observed in small to medium-sized businesses. A company's vulnerability to commodity malware can ultimately be an indicator of the effectiveness of its overall security strategy.
4. Attackers hide in plain sight and pose as legitimate users
The fastest and most damaging attacks are still those in which attackers impersonate legitimate users. They often occur when user credentials are unchecked, misconfigured, or bypassed. Once access is gained, the organization is fully exposed. Incorrectly configured and ill-conceived use of access controls often gives organizations a false sense of protection.
In view of these trends in cyberattacks, it is also apparent that security is not just an issue for the IT department; it affects the entire company and must be addressed strategically. The golden rule is the time target known as the "1-10-60 rule": on average, companies and organizations should allow no more than one minute to identify a threat, ten minutes to investigate it, and 60 minutes to resolve it. Companies that act with this in mind increase their chances of staying ahead of the adversary and preventing an attack.
Source: CrowdStrike