It’s been another banner year for bad actors.
Not only did the volume and intensity of cyberattacks hit new highs, the overall level of sophistication across the global threat landscape experienced a meteoric rise. The theme of this year’s report, “Blurring the Lines Between Statecraft and Tradecraft,” reflects this disturbing trend.
There are several factors contributing to this fundamental leveling of the playing field between highly skilled — and typically well-funded — nation-state adversaries and their less sophisticated criminal and hacktivist counterparts. One of the biggest contributors is the “trickle-down effect” present in the cyberthreat arena.
The idea of trickle-down is not new. In fact, it’s precisely how state-sponsored R&D programs are supposed to work: Governments fund development of sophisticated technologies and those eventually get transferred out to the private sector as products and services. Consider GPS. It was originally designed for military applications, from missile targeting to tracking objects and assets on the ground. Now everyone has GPS in their pockets, and in their cars. It’s so ingrained in our daily lives, it’s hard to remember how we ever managed without it. That’s a textbook example of how government-sponsored technology can successfully trickle down to the masses.
Unfortunately, there’s also a dark side to this phenomenon. That was certainly the case with WannaCry. This crippling malware epidemic was based on military-grade espionage techniques around a Windows vulnerability known as EternalBlue, which ultimately fell into the wrong hands. A great deal of effort, time and money went into its development and, regrettably, it was leaked.
The result of trickle-down in the field of cybersecurity has been a proliferation of highly sophisticated weaponry for cyberwarfare being pushed down into the mass market and commoditized. The consequences to legitimate organizations have been alarmingly clear. What makes these attacks so effective is that they are essentially immune to the traditional endpoint defense technologies that most organizations have relied on for the past 20 or more years.
As the CrowdStrike threat report points out with great clarity, it’s time for the good guys to step up. Defending against “government-grade” attacks requires enlisting a host of new security technologies and approaches that go beyond the simple signature-based prevention of the past.
In addition to vital information from the Falcon Intelligence™ team, this year’s report has been expanded to include a year-end summary from the Falcon Overwatch™ proactive hunting team, as well as top statistical trends distilled from the nearly 100 billion events CrowdStrike Threat Graph™ analyzes every day. These additions reveal facts that amplify the need for organizations to increase their defense capabilities. One key statistic we found was that the average “breakout time” in 2017 was only one hour and 58 minutes. Breakout time measures how long it takes for intruders to jump off the initial system they compromised and move laterally to other machines within the network. This short window to act doesn’t leave much room for error when you’re protecting sensitive data.
I sincerely hope that this threat report will help your understanding of important shifts in the threat landscape, and provide the information you need to make your organization more resilient, more prepared and better protected, so that together, we can stop breaches.
Download the CrowdStrike 2018 Global Threat Report: Blurring the Lines Between Statecraft and Tradecraft. Attend a CrowdStrike webcast for an in-depth analysis of the 2018 Global Threat Report.