Key Trends From the CrowdStrike 2019 Global Threat Report

Update: CrowdStrike's 2020 Global Threat Report is now available. Download the report to stay ahead of today's adversaries. The CrowdStrike® 2019 Global Threat Report: “Adversary Tradecraft and the Importance of Speed,” includes the combined work of CrowdStrike’s skilled and seasoned teams that engage in global intelligence gathering and analyzing, proactive threat hunting, and incident response investigations. The threat report also reveals the trends that these teams have seen in 2018 — trends that show no signs of waning in 2019. In CEO George Kurtz’s blog introducing the threat report, he emphasized the need for speed in combating global adversaries.

 

CTO Dmitri Alperovitch provided a deeper dive into what’s driving the necessity for accelerating incident response activities in his blog about “breakout” time and the 1-10-60 Rule, and what these metrics reveal about our adversaries and our own defensive capabilities. This blog focuses on the trends put forth in the 2019 threat report and how they can inform your security strategies for the current year and beyond.

Trends Observed in 2018

In many respects, 2018 appeared to be a markedly different year than the one before. Absent some of the high-profile events observed in 2017, such as WannaCry and NotPetya, headlines in 2018 were defined instead by a series of U.S. Department of Justice (DoJ) indictments against individuals linked to named, state-sponsored adversaries. Possibly affected by these public disclosures and stepped-up law enforcement activity, ongoing tool development and changes in tactics, techniques and procedures (TTPs) seem to indicate 2018 was a transition year for many adversaries. One thing was clear: Law enforcement efforts have not yet halted or deterred nation-state sponsored activities.

eCrime Was Prominent

The eCrime adversaries tracked by CrowdStrike Intelligence conducted a variety of criminal operations, including crimeware distribution, banking Trojans, ransomware, point of sale compromises and targeted spear-phishing campaigns:

Rising Nation-State Activities

Nation-state adversaries were continuously active throughout 2018 — targeting dissidents, regional adversaries and foreign powers to collect intelligence for decision-makers:

Other Nation-State Trends

Other nation-state adversaries tracked by CrowdStrike, but not prominently featured in the 2019 Global Threat Report, include:
  • Adversaries linked to Pakistan and India maintained an interest in regional affairs with a rise in activity on the Indian subcontinent, observed in the summer of 2018.
  • The Vietnam-based adversary OCEAN BUFFALO appeared to focus on domestic — possibly internal law enforcement — operations; however, CrowdStrike has also identified the possible targeting of Cambodia, as well as activity against the manufacturing and hospitality sectors.
  • Recent technical analysis, as well as the reported zero-day use of CVE- 2018-8174, suggests the South Korean-based adversary SHADOW CRANE continues to actively develop its toolkit. The target scope of SHADOW CRANE’s campaigns appears to primarily focus on victims in China, Japan, South Korea, Russia, India and the DPRK — particularly those involved in the government, think tanks, media, academia and nongovernmental organization (NGO) sectors.

Create an Informed Cybersecurity Strategy

Download the 2019 Global Threat Report to gain a deeper understanding of these trends from the analysis offered by the CrowdStrike Intelligence, Falcon OverWatch™ managed hunting and the CrowdStrike Services teams. In the report, they highlight the significant events in the past year of cyberthreat activity across the world. Their reporting and analysis demonstrates how threat intelligence, proactive hunting and swift proactive countermeasures can provide a deeper understanding of the motivations, objectives and activities of the adversaries that are targeting your organization. Armed with this information, you can create security strategies that will help you better defend your organization and its valuable data now and in the future.

Additional Resources

Breaches Stop Here