Press Release | Media on CrowdStrike

CrowdStrike Releases Annual Cyber Intrusion Services Casebook

Sunnyvale, CA — December 6, 2017 — CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced the release of the annual CrowdStrike® Cyber Intrusion Services Casebook, which provides valuable insights into the ever-evolving attack tactics, techniques and procedures (TTPs) and the state of breach readiness across industries.

The Cyber Intrusion Services Casebook reveals incident response (IR) strategies, lessons learned, and trends derived from more than 100 real-life cyber intrusion cases that CrowdStrike Services worked on during the past year. The data is derived from  engagements with more than 12 leading commercial and public sector industries, including finance, insurance, healthcare, retail, information technology, and more.

The Casebook includes a detailed look at four distinct cases that illustrate broader security trends and notable shifts in adversary tactics, along with key recommendations for improving defenses.

Some key findings include:

  • The lines between nation-state sponsored attack groups and eCrime threat actors continue to blur. Both threat groups increasingly leverage similar tactics such as fileless malware and “living off the land” techniques involving processes native to the Windows operating system, including PowerShell and WMI (Windows Management Instrumentation).

  • The average attacker dwell time was 86 days. This statistic reflects the number of days between the first evidence of a compromise and its initial detection. The longer an attacker can dwell in the environment, the more opportunity he has to find, exfiltrate or destroy valuable data or disrupt business operations.

  • Attackers apply more self-propagation techniques to accelerate scope and scale of attacks. Through multiple investigations, CrowdStrike has observed malware variants that employ techniques designed to spread once a system is infected. Victim organizations worldwide continue to experience the repercussions of failing to keep critical systems updated and relying on ineffective legacy security technologies for threat prevention

  • The use of fileless malware and malware-free attacks made up 66 percent of all attacks.  Notable examples include attacks where code was executed from memory or where stolen credentials were leveraged for remote logins.

  • Companies are getting better at self-detection. In 68 percent of the reviewed cases, the companies were able to internally identify the breach. This represents an 11 percent increase over prior years.

“To minimize the impact of a cyber-related incident, organizations need to be aware of emerging attack trends and adversary techniques, and in turn, implement IR best practices and proactive mitigation strategies. With cybersecurity becoming a core business issue, CEOs and business leaders need to improve their ability to anticipate threats, mitigate risks, and  prevent damage in the wake of a security-related event,” said Shawn Henry, chief security officer and president of CrowdStrike Services. “Based on the CrowdStrike Services team’s extensive experience, this Casebook informs not only security professionals, but also executives, boards of directors and shareholders on how to prepare for and respond to intrusions in a more effective manner.”

In order to better protect against the sophisticated nature of threat actors, organizations must improve their resiliency in the face of ever-changing attack techniques. Relying on traditional security measures, tools and approaches is no longer effective in the face of modern cyber threats. As attacks continue to become more sophisticated and prolific, organizations must evolve their security strategies to proactively prevent, detect and respond to all attack types, including fileless malware and malware-free attacks.

The CrowdStrike® Cyber Intrusion Services Casebook can be downloaded here.

About CrowdStrike®

CrowdStrike is the leader in cloud-delivered endpoint protection. Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon deploys in minutes to deliver actionable intelligence and real-time protection from Day One. It seamlessly unifies next-generation AV with best-in-class endpoint detection and response, backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed.

CrowdStrike Falcon protects customers against all cyber attack types, using sophisticated signatureless AI and Indicator-of-Attack (IOA) based threat prevention to stop known and unknown threats in real time. Powered by the CrowdStrike Threat Graph™, Falcon instantly correlates over 78 billion security events a day from across the globe to immediately prevent and detect threats.

There’s much more to the story of how Falcon has redefined endpoint protection but there’s only one thing to remember about CrowdStrike: We stop breaches.

Learn more:

Follow us: Blog | Twitter

© 2017 CrowdStrike, Inc. All rights reserved. CrowdStrike®, CrowdStrike Falcon®, CrowdStrike Threat Graph™, CrowdStrike Falcon Prevent™, Falcon Prevent™, CrowdStrike Falcon Insight™, Falcon Insight™, CrowdStrike Falcon Discover™, Falcon Discover™, CrowdStrike Falcon Intelligence™, Falcon Intelligence™, CrowdStrike Falcon DNS™, Falcon DNS™, CrowdStrike Falcon OverWatch™, Falcon OverWatch™, CrowdStrike Falcon Spotlight™ and Falcon Spotlight™ are among the trademarks of CrowdStrike, Inc. Other brands may be third-party trademarks.

CrowdStrike, Inc.
Ilina Cashiola, 202-340-0517