2019 Global Threat Report Shows It Takes Innovation and Speed to Win Against Adversaries

February 19, 2019

Executive Viewpoint

Update: CrowdStrike’s 2020 Global Threat Report is now available. Download the report to stay ahead of today’s adversaries.

This year’s Global Threat Report: “Adversary Tradecraft and the Importance of Speed,” addresses the quickening pace and increasing sophistication in adversary tactics, techniques and procedures (TTPs) over the past year — and in particular, highlights the critical importance of speed in staying ahead of rapidly evolving threats.

Last year, we introduced the concept of “breakout time” — the window of time from when an adversary first compromises an endpoint machine, to when they begin moving laterally across your network. In this year’s report, we were able to provide a more granular examination of breakout time by clocking the average speed of major nation-state actors. The report compares the breakout speeds of Russia, China, North Korea, Iran, and the combined category of global eCrime actors. This and other unique insights in the report can help organizations advance their response objectives, depending on which adversary types they are most likely to encounter in the year ahead.

The report also makes clear — in spite of some impressive indictments against several named nation-state actors — their activities show no signs of diminishing. Throughout 2018, eCrime and nation-state adversaries collectively upped their game. A few examples:

  • In diplomatic channels and the media, several nation-states gave lip-service to curbing their clandestine cyber activities, but behind the scenes, they doubled down on their cyber espionage operations — combining those efforts with further forays into destructive attacks and financially motivated fraud.
  • eCrime actors demonstrated new-found flexibility, forming and breaking alliances and quickly changing tactics mid-campaign to achieve their objectives. The shifting currents of the underground economy — including the availability of new TTPs-for-hire and the fluctuating value of Bitcoin —  were all contributing factors.
  • We also witnessed an increased focus on “Big Game Hunting,” where eCrime actors combine targeted intrusions with ransomware to extract big payoffs from large enterprise organizations.

This report’s findings on adversary tradecraft and speed reflect what many defenders already know: We are in a veritable “arms race” for cyber superiority. However, there are some important differences between an arms race in the cybersphere versus the physical world: In cyberspace, any player can potentially become a superpower. The capital costs are alarmingly low, compared to funding a physical war machine. Even some of the world’s most impoverished regions proved their ability to make a global impact through cyber campaigns in 2018 — and this is one genie that is not going back in the bottle.

At CrowdStrike, we experience on a daily basis the role defenders play in the cyber arms race. As we introduce more effective endpoint protection to the market, we raise the stakes for determined adversaries. CrowdStrike has documented cases where bad actors discover our products in the environment and simply go away, presumably to ply their tradecraft on a more vulnerable victim. In other cases, patient attackers simply go back to the drawing board, adding new weapons to their cyber arsenals as they probe for a novel, less defended point of entry.

This never-ending cycle of attack and defense is at the heart of what we do and explains the unique structure of the CrowdStrike® organization. With our dedicated teams, we focus on these complementary disciplines:

  • Tracking and analyzing adversary activity though global intelligence-gathering and proactive hunting
  • Developing and deploying groundbreaking new technologies to combat bad actors
  • Delivering best-in-class incident response services directly to the victims of cyberattacks

The Global Threat Report joins the CrowdStrike Services Cyber Intrusion Casebook and the Falcon OverWatch™ Report in presenting customers and the global cybersecurity community with the latest developments and defenses for an increasingly dangerous threat landscape. This holistic view of the threat landscape allows CrowdStrike to provide you with specific guidance on the actions organizations need to take to strengthen their security postures.

The fight continues, and we will never rest in our pursuit of adversaries seeking to damage, disrupt, extort, or steal. Throughout the Global Threat Report, you will see the talent, expertise, and dedication of our CrowdStrike team combining with the power of our technology to stop the most sophisticated adversaries. We’re eager to share what we’ve learned because of our uncompromising commitment to defeat the nation-states, e-crime actors, hackers, and cybercriminals threatening our commerce and invading our privacy.

Additional Resources


Related Content