CrowdStrike’s Annual Threat Hunting Report Reveals One Potential Intrusion Is Identified Every Seven Minutes
13 September 2022 - 4:01AM
Business Wire
Findings from Falcon OverWatch threat hunters
showed faster breakout times by eCrime adversaries and one million
malicious events prevented by the CrowdStrike Falcon
platform
CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered
protection of endpoints, cloud workloads, identity and data, today
announced the release of the fourth annual CrowdStrike Falcon
OverWatch threat hunting report: Nowhere to Hide: 2022 Falcon
OverWatch Threat Hunting Report. The global report reveals a record
50% year-over-year (YoY) increase of hands-on intrusion attempts,
and distinct changes in attack trends and adversary tradecraft.
Most notably, Falcon OverWatch threat hunters identified more than
77,000 potential intrusions, or approximately one potential
intrusion every seven minutes. These are instances where proactive,
human-led threat hunting uncovered adversaries actively carrying
out malicious techniques at various stages of the attack chain,
despite attackers’ best efforts to covertly evade autonomous
detection methods.
Falcon OverWatch calculated that the breakout time (i.e. the
time, on average, it takes an adversary to move laterally from
initial compromise to other hosts within the victim environment)
for eCrime adversaries has fallen to one hour and 24 minutes –
compared to one hour and 38 minutes as reported by Falcon OverWatch
in the 2022 CrowdStrike Global Threat Report. Moreover, Falcon
OverWatch found that in approximately one-third (30%) of those
eCrime intrusions, the adversary was able to move laterally in
under 30 minutes. These findings underline the speed and scale at
which threat actors evolve their tactics, techniques and procedures
(TTPs), and are capable of bypassing even the most sophisticated
technology-based defense systems to successfully achieve their
goals.
“Over the past 12 months, the world has faced new challenges
spurred by economic pressures and geopolitical tensions,
backdropping a threat landscape that is as complicated as ever,”
said Param Singh, vice president, Falcon OverWatch at CrowdStrike.
“To thwart brazen threat actors, security teams must implement
solutions that proactively search for hidden and advanced attacks
every hour of every day. The combination of the CrowdStrike Falcon
platform with the telemetry, tooling, threat intelligence and human
ingenuity of Falcon OverWatch managed threat hunting protects
organizations globally against the most sophisticated and stealthy
threats.”
Other key findings from the report include:
- eCrime is the top threat type for interactive intrusion
campaigns. eCrime accounted for 43% of interactive intrusions,
while state-nexus actors accounted for 18% of activity. Hacktivists
accounted for just 1% of interactive intrusion campaigns, with the
remaining intrusions unattributed.
- Adversaries continue shifting away from malware.
Malware-free threat activity accounted for 71% of all detections
indexed by the CrowdStrike Threat Graph. The predominance of
malware-free activity is related, in part, to adversaries’ prolific
abuse of valid credentials to facilitate access and persistence in
victim environments. Another factor is the rate at which new
vulnerabilities are being disclosed and the speed with which
adversaries are able to operationalize exploits.
- Technology is the top industry targeted for interactive
intrusions. The top five industries targeted overall were
technology (19%), telecommunications (10%), manufacturing (7%),
academic (7%) and healthcare (7%). Of note, technology was targeted
90% more frequently by interactive intrusions than the second-most
targeted industry.
- Telecommunications is the top industry for targeted
intrusions by nation-state actors. The top five industries
targeted overall were telecommunications (37%), technology (14%),
government (9%), academic (5%) and media (4.5%). The
telecommunications industry continues to be preyed on for
fulfillment of state-sponsored surveillance, intelligence and
counterintelligence collection priorities. Of note,
telecommunications faced 163% more targeted intrusions by
state-nexus actors than the second-most targeted industry.
- Healthcare finds itself in the crosshairs of
Ransomware-as-a-Service (RaaS). The volume of attempted
interactive intrusions against the healthcare industry has doubled
year-over-year. A significant majority of these intrusions have
been attributed to eCrime.
The report includes insights from Falcon OverWatch’s global
threat hunting operations from July 1, 2021 through June 30, 2022,
and outlines in-depth attack data and analysis, case studies and
actionable recommendations.
Additional Resources
- Download your copy of the full report Nowhere to Hide: 2022
Falcon OverWatch Threat Hunting Report on the CrowdStrike
website.
- Tune in on Twitter Spaces on September 19 at 11:30 a.m. PT to
hear from experts live from Fal.Con as they highlight key takeaways
from the 2022 Falcon OverWatch Threat Hunting Report.
https://twitter.com/i/spaces/1YpJkgOPADrJj
- Join the CrowdStrike Falcon OverWatch threat hunting team for a
live CrowdCast on October 6 as they share new attack trends and
tradecrafts from the 2022 Falcon OverWatch Threat Hunting Report.
Register here:
https://www.crowdstrike.com/resources/crowdcasts/nowhere-to-hide-2022-falcon-overwatch-threat-hunting-report/
About CrowdStrike
CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has
redefined modern security with one of the world’s most advanced
cloud-native platforms for protecting critical areas of enterprise
risk – endpoints and cloud workloads, identity and data.
Powered by the CrowdStrike Security Cloud and world-class AI,
the CrowdStrike Falcon® platform leverages real-time indicators of
attack, threat intelligence, evolving adversary tradecraft and
enriched telemetry from across the enterprise to deliver
hyper-accurate detections, automated protection and remediation,
elite threat hunting and prioritized observability of
vulnerabilities.
Purpose-built in the cloud with a single lightweight-agent
architecture, the Falcon platform delivers rapid and scalable
deployment, superior protection and performance, reduced complexity
and immediate time-to-value.
CrowdStrike: We stop breaches.
Learn more: https://www.crowdstrike.com/
Follow us: Blog | Twitter | LinkedIn | Facebook | Instagram
Start a free trial today: https://www.crowdstrike.com/free-trial-guide/
© 2022 CrowdStrike, Inc. All rights reserved. CrowdStrike, the
falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are
marks owned by CrowdStrike, Inc. and registered with the United
States Patent and Trademark Office, and in other countries.
CrowdStrike owns other trademarks and service marks, and may use
the brands of third parties to identify their products and
services.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220913005643/en/
Kevin Benacci CrowdStrike Corporate Communications
press@crowdstrike.com