2021 Threat Hunting Report: OverWatch Once Again Leaves Adversaries with Nowhere to Hide
This time last year, the CrowdStrike Falcon OverWatch™ reported on mounting cyber threats facing organizations as they raced to adopt work-from-home practices and adapt to constraints imposed by the rapidly escalating COVID-19 crisis. Unfortunately, the 12 months that followed have offered little in the way of reprieve for defenders. The past year has been marked by some of the most significant and widespread cyberattacks the world has seen.
The OverWatch team has seen attempted interactive intrusion activity continue at record levels. Both eCrime and targeted intrusion adversaries have continued to evolve and mature their tradecraft, finding new ways to evade technology-based defenses.
In the newly released Falcon OverWatch annual report, 2021 Threat Hunting Report: Insights From the Falcon OverWatch Team, threat hunters share the trends in adversary tradecraft that have emerged over the past year. This report, now in its fourth year, documents OverWatch’s ongoing campaign to disrupt adversaries’ attempts at interactive intrusions.
In the battle defined by both stealth and speed, OverWatch is winning — leaving adversaries with nowhere to hide.
Threat Hunting by the Numbers
The 2021 Threat Hunting Report reveals the scale and spread of potential interactive cyber intrusions uncovered and disrupted with the help of OverWatch. In the 12 months from July 1, 2020 to June 30, 2021, OverWatch tracked adversaries in the networks of organizations from every corner of the globe and nearly every industry vertical. No organization is outside the reach of today’s highly motivated adversaries.
OverWatch has eyes-on-glass 24/7/365, looking for even the faintest signal of adversary activity. Adversaries do not sleep — they are not restricted by time zone or geography. Adversaries also move fast — they are capable of moving laterally to additional hosts within just minutes of achieving initial access. It is in this context that OverWatch’s around-the-clock vigilance proves so critical.
In this past year alone, OverWatch’s human threat hunters have directly identified more than 65,000 potential intrusions. That’s approximately 1 potential intrusion every 8 minutes ― every hour of the day and night.
Human-triggered detections are only half of the OverWatch equation. In order to detect intrusion attempts at speed and on a global scale, OverWatch draws on its threat hunting findings to continuously advance the autonomous detection techniques in the CrowdStrike Falcon®platform. Over the last year, threat hunters have distilled their findings into the development of hundreds of new behavioral-based preventions for the Falcon platform, resulting in the direct prevention of malicious activity on approximately 248,000 unique endpoints.
With a powerful combination of human expertise and industry-leading technology, OverWatch can not only disrupt the most sophisticated intrusion attempts today, but also develop insights into detections that ensure swift identification and prevention of known threats into the future.
What You’ll Find in This Year’s Report
- An overview of how OverWatch combines human ingenuity with patent protected workflows to find the threats technology alone cannot (the SEARCH methodology)
- A 10,000-foot view of the interactive threat landscape as observed by OverWatch
- Six detailed case-studies providing insights into how adversaries are carrying out their campaigns in the wild
- A new look not only at the most common tactics, techniques and procedures (TTPs) used by adversaries, but also those OverWatch believes defenders should have on their radar
- An analysis of potential intrusions by vertical, including a special feature on the telecommunications vertical, which saw attempted intrusions double this past year
- Recommendations for defenders looking to better protect their organization from current and emerging threats
Whether you’re a seasoned defender looking to learn the latest or a cyber professional just starting out, the 2021 OverWatch Threat Hunting Report has something for you. Be sure to download your copy of the report today.