Cyber Criminals Catch Up With Nation-States

The trickle-down effect of advanced “military-grade” tools is closing the gap between cyber-criminal and nation-state attack capabilities, outpacing many organisations’ defence capabilities.

The lines are blurring between statecraft and tradecraft, evolving the cyber threat landscape beyond the defence capabilities of conventional security measures, according to the latest global threat report by security firm CrowdStrike.

In 2017, 39% of all attacks that CrowdStrike observed constituted malware-free intrusions that were not detected by traditional antivirus systems, with the manufacturing, professional services and pharmaceutical industries facing the most malware-free attacks, the report revealed.

CrowdStrike data also indicates that it takes an intruder an average of one hour 58 minutes to begin moving laterally to other systems in the network.

Extortion and weaponisation of data have become mainstream among cyber criminals, the report warned, heavily impacting government and healthcare, among other sectors.

Nation state-linked attacks and targeted ransomware are also on the rise and could be used for geopolitical and even militaristic exploitation purposes, the report said.

Supply chain compromises and crypto fraud and mining will present new attack vectors for both state-sponsored and cyber-criminal actors, the report said.

“We have already seen how cyber criminals can come up with massive, destructive attacks that render organisations inoperable for days or weeks,” said Dmitri Alperovitch, CrowdStrike’s chief technology officer and co-founder.

“Looking ahead, security teams will be under even more pressure to detect, investigate and remediate breaches fast.”

Established and well-resourced cyber operations will continue to innovate, developing new methods of distributing crime-ware and incorporating advanced tactics to infiltrate, disrupt and destroy systems, the report warned.

Adam Meyers, vice-president of intelligence at CrowdStrike, said the lines between nation-state and cyber-crime actors are increasingly blurring, raising the sophistication of threats to a new level.

“Actionable threat intelligence and real-time threat data are crucial in empowering better security and executive decisions,” he said.

Meyers said CrowdStrike’s latest report is aimed at making public and private sector organisations better informed about the tactics, techniques and procedures that attackers are using, so that defenders can allocate the most appropriate defences and resources.

Computer Weekly
