CrowdStrike Annual Threat Report Details Attacker Insights and Reveals Industry’s First Adversary Rankings
CrowdStrike reveals the adversaries with the fastest breakout time
Sunnyvale, CA – February 19, 2019 – CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced the release of the 2019 CrowdStrike Global Threat Report: Adversary Tradecraft and The Importance of Speed. Key findings in the report point to the escalating activities of nation-state actors and global eCrime actors across all targeted industries, and offer lessons learned from real-life intrusions.
In today’s ever-evolving cyber landscape, speed is essential for effective cyber defense. CrowdStrike’s Global Threat Report reveals “breakout time” – the critical window between when an intruder compromises the first machine and when they can move laterally to other systems on the network – for top cyber adversaries. This ranking offers organizations unprecedented insight into how fast they need to be at detecting, investigating and remediating intrusions (the 1-10-60 rule) to thwart the adversaries most likely to target their networks.
According to CrowdStrike’s visibility, based on more than 30,000 breach attempts stopped in 2018:
- Russian nation-state actors, tracked by CrowdStrike as “Bears,” are the fastest adversaries with an average breakout time of 18:49 minutes.
- North Korean nation-state actors, tracked as “Chollimas,” are the second fastest with an average breakout time of 2:20:14 hours.
- Chinese nation-state actors, or “Pandas,” average 4:00:26 hours.
- Iranian nation-state actors, or “Kittens,” average 5:09:04 hours.
- eCrime actors, or “Spiders,” have the slowest average breakout time of all adversaries: 9:42:23 hours, although some of the eCrime actors can move very rapidly and rival even the fastest nation-states.
- One of the most significant trends in eCrime for 2018 was the continued rise of “Big Game Hunting,” the practice of combining targeted, intrusion-style tactics with the deployment of ransomware across large organizations.
- Another trend identified by CrowdStrike Intelligence was the increased collaboration between highly sophisticated eCrime threat actors. The use of geo-targeting to support multiple eCrime families was observed through a variety of tactics.
- The industries at the top of the target list for malware-free intrusions include media, technology and academia, highlighting the need to aggressively strengthen their defenses against more sophisticated, modern attacks.
- CrowdStrike identified several targeted intrusion campaigns by China, Iran and Russia, focused on the telecommunications sector and likely supporting state-sponsored espionage activities. Lures subsequently used to drive more effective social engineering campaigns resulted in the compromise of telecom customers, including government entities.
- CrowdStrike observed an increasing operational tempo from China-based adversaries, which is only likely to accelerate as US-China relations continue to be strained.