In a recent interview conducted by TechRadar Pro, I shared my perspective on some of the key findings from the CrowdStrike® 2019 Global Threat Report, “Adversary Tradecraft and the Importance of Speed.” Below is the Q&A portion of the article published by TechRadar Pro: “Staying One Step Ahead of the Cybersecurity Hydra: How Businesses Can Avoid Falling Victim to Cyberattacks and Other Cyberthreats.”
What major trends are you seeing in the cyber landscape at the moment?
At this moment in time, we are in an “arms race” for cyber superiority. However, there are some important differences between an arms race in the cybersphere versus the physical world: In cyberspace, any player can potentially become a superpower. The capital costs are alarmingly low, compared to funding a physical war machine. Even some of the world’s most impoverished regions proved their ability to make a global impact through cyber campaigns in 2018 — and this is one genie that is not going back in the bottle.
With regard to nation-state actors, speed has become an even more critical aspect when it comes to countering cyberattacks. The Global Threat Report data demonstrated that adversaries are moving even faster when it comes to “breakout time.” Russian adversaries, for instance, only take an average of 18 minutes to accomplish lateral movement within the victim environment — from where they first entered to moving through the environment.
Furthermore, there has been a notable increase in “scripting” techniques in attacks, as well as the increased use of techniques intended to hide or obscure attacker behaviors. As endpoint protection solutions are becoming increasingly adept at finding and stopping malicious behaviors, attackers are forced to incorporate stealthier measures into their tradecraft.
What industries are experiencing the highest level of threat activity?
One of the most vulnerable sectors, at the moment, is telecommunications. As in 2018, it was noted that organizations in the telecoms sector had been directly targeted, along with regular instances of compromised telecoms equipment and the use of “lures” referencing telecoms services. This trend likely supports state-sponsored espionage actors, as they seek to gain access to a broad customer base that relies on telecom services in their target countries.
The targeting of the telecom sector is historically within the scope of several Chinese adversaries; however, the number of operations affecting this sector, or using lures referencing telecom services, suggests an increase in China-based cyber espionage operations on a larger scale, and supports previous assessments that these adversaries regularly engage in upstream targeting. Furthermore, both Iranian and Russian adversaries have been identified as targeting those in the telecom sector.
How can organizations stay ahead of these new advanced adversaries?
The basics of user awareness, asset and vulnerability management, and secure configurations continue to serve as the foundation for a strong cybersecurity program. CrowdStrike recommends that organizations regularly review and improve their standard security controls, including the following: user awareness, asset management, vulnerability and multifactor authentication.
With breakout time measured in hours, something that is worth remembering when countering threats is the “1-10-60 rule”. This rule is divided as such; detect intrusions in under one minute, perform a full investigation in under 10 minutes and eradicate the adversary from the environment in under 60 minutes.
Those organizations that meet this 1-10-60 benchmark are much more likely to eradicate the adversary before the attack spreads out from its initial entry point, minimizing impact and further escalation. Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action.
- Download the CrowdStrike 2020 Global Threat Report.
- Watch an on-demand webcast on the CrowdStrike Global Threat Report.
- Learn how the CrowdStrike Falcon® endpoint protection platform stops malware-free threats with next-generation behavioral analysis and more.
- Test CrowdStrike next-gen AV for yourself: Start your free trial of Falcon Prevent™ today.