Every day cyber security teams vigilantly deploy tools, monitor networks to detect malware and protect them against adversaries. But, is your organization protecting against the right adversaries and tactics? Are money and efforts being spent wisely?
The CrowdStrike 2014 Global Threat Intel Report offers insight to help organizations answer these questions. This report summarizes CrowdStrike’s year-long daily scrutiny of more than 50 groups of cyber threat actors, including 29 different state sponsored and nationalist adversaries.Key findings explain how financial malware changed the threat landscape and point of sale malware became increasingly prevalent. The report also profiles a number of new and sophisticated adversaries from China and Russia profiled, including Hurricane Panda, Fancy Bear, and Berserk Bear.
Last year’s report correctly predicted six activities that came to fruition in 2014, including foretelling that North Korea would engage in destructive attacks.
In an upcoming CrowdCast, the CrowdStrike Intelligence Team will present key findings including 2014’s cybercrime trends, targeted intrusion trends, hacktivist and nation-state adversary activity, and global event driven operations.
We recently caught up with Adam Meyers, Vice President of Intelligence, to learn more about the report and why it’s a valuable document that all business leaders should be reading.
The Adversary Manifesto (TAM) – What unique information does the CrowdStrike Global Threat Intel Report provide?
Adam Meyers (AM) – Most of the cyber security reports out there use broadly collected data to provide statistics on threat. Our report uses data to provide a narrative about adversaries in the context of the real world which makes it more consumable by business leaders and provides IT departments with an understanding of how these threat actors work.
We understand there are humans behind these attacks setting up infrastructure and domains, building malware, developing exploits – and leaving toolmarks. We analyze this information and develop profiles of threat actors allowing us to sort out their motivations, whether they are opportunistic criminals, hacktivists looking to advance and agenda, or targeted actors bent on espionage or destructive attacks. This type of intelligence equips organizations with an understanding of their adversaries’ motivations and that helps them narrow down the threats as they apply to their business.
TAM – How can CIOs and IT Managers use the information in the report in day to day operations?
AM – Much of our data is organized into verticals. CIOs and managers can look at this information to access which actors may be targeting their industry, what type of techniques they may be using and how to defend against these attacks.
Think of it in terms of the 80/20 rule authored by Italian economist, Vilfredo Pareto. His rule says that in measuring anything — 20 percent of the attacks are responsible for 80 percent of the damage. Through our report — and through our intelligence services — we want to help enterprises identify the 20 percent of the threats that are most detrimental to their business to enable them to prioritize mitigation efforts and spending.
TAM – What are some of the threats will you be watching closely in 2015?
Our intelligence suggests that the Joint Plan of Action (JPOA) and negotiation of the Comprehensive Plan of Action (CPOA) aimed to reduce Iranian nuclear technology and research could a drive an uptick in attacks by Iran on western targets. Also a number of companies will continue to be caught in the cyber-crossfire between China and Vietnam as China continues to disrupt South East Asia by expanding its influence via oil infrastructure investment.
From a technology standpoint, we will be watching how adversaries leverage Let’s Encrypt — the first free certificate authority that will be deployed into browsers. This will make it easier for adversaries to using SSL-encrypted sessions to subvert traditional cyber security detection, protection, and defense mechanisms.
TAM – Why release this information publicly at no charge?
AM – Western businesses and enterprises need to know that there are serious bad guys in North Korea, China, Iran, Russia and other countries working tirelessly on ways to get around our defenses to steal intellectual property, disrupt business and even destroy. This report gives business and IT leaders a fighting chance to find out who is targeting them and take steps to prepare their networks, minimize intellectual property loss, business downtime, and other effects of cyber security attack that undermine the bottom line.
Sign up now to join the CrowdCast on February 11 at 2 PM EST/11 AM PST. You’ll hear more from Adam Meyers and the CrowdStrike Intelligence Team as they dive into the activity of 2014’s most sophisticated threat actors. Understand how the evolving capabilities of these advanced adversaries will affect you in 2015.