Current trends in cybercrime
An analysis by the IT security service provider CrowdStrike shows a massive increase in financially motivated attacks (e-crime). The retail sector is also increasingly being targeted by cybercriminals. And China remains one of the most active attackers and state actors.

The OverWatch team from CrowdStrike, a provider of cloud-based endpoint protection, has announced recent trends in cybercrime. A recently released report summarizes the OverWatch Threat Hunting Team's findings in the first half of 2019. Furthermore, it provides insights into common tools, techniques and procedures used by state-organized as well as criminally motivated hacker groups, with examples, and offers recommendations for effective protection.
Data basis: Two trillion incidents per week on end devices
The OverWatch team consists of interdisciplinary specialists and monitors more than 120 state-affiliated and criminal hacker groups that target the networks of CrowdStrike's customers. This involves capturing, investigating and stopping more than two trillion security-related incidents per week on users' endpoints using the cloud-based and AI-powered Falcon platform. With this volume of data, intelligent algorithms can identify threat patterns and attack trends and support an effective defense. The 2019 OverWatch Report presents key trends and insights from these massive datasets and highlights effective defenses.
Key trends in cybercrime
Here are some of the key observations from the OverWatch Report:
- Massive increase in targeted, financially motivated attacks (e-crime): In the first half of 2019, unlike in the past, these activities accounted for the majority of observed attacks. This does not mean that nation-state motivated attacks have decreased, but rather that criminally motivated hackers and hacker groups are specifically looking for rewarding targets instead of launching widely scattered attacks that easily fizzle out.
- Retail increasingly targeted by cybercrime: E-crime campaigns, especially with ransomware, are on the rise everywhere. While the retail sector flew under the radar of cybercriminal actors in previous years, it has emerged as a lucrative target in 2019. Overall, companies in the technology, telecommunications and financial services sectors were attacked most frequently in both 2018 and 2019.
- China remains one of the most active attackers: Similar to previous years, state-organized attackers from China were the most active. It was observed that almost all sectors were targeted - including chemicals, gaming, healthcare, industry, technology and telecommunications.
"Both criminally and nation-state motivated attackers are often well positioned in networks of their targets through stealth attacks. In the first half of 2019, OverWatch has consistently seen attackers leverage valid user accounts to penetrate compromised endpoints," said Jennifer Ayers, vice president of OverWatch and security response at CrowdStrike. "Attackers will continue to act brazenly and resort to sophisticated means. With ever-changing IT architectures and the use of mobile devices that often can't be protected by an enterprise VPN, it's essential for organizations to leverage cutting-edge threat mitigation capabilities."
End devices as gateways for cybercrime
The collected data shows that unprotected mobile devices are often the gateways for attackers and that traditional protection mechanisms are no longer sufficient. It is necessary to protect against sophisticated threats that go beyond classic malware, such as fileless attacks, zero day exploit attacks (ZETA) or other sophisticated techniques. Cloud-based Endpoint Detection & Response (EDR) solutions with intelligent algorithms focused on endpoint protection, combined with multidisciplinary threat hunting teams of experienced specialists, can help quickly detect, analyze and disarm even the most sophisticated threats. CrowdStrike, for example, offers its customers Falcon, a platform for endpoint protection that has also been named a "Leader" by Gartner.
More information: www.crowdstrike.de