New CrowdStrike Threat Hunting Report Reveals Prolific Adversary Trends and Tactics
October 01 2019 - 7:00AM
Business Wire
2019 Mid-Year OverWatch report provides
insights into massive uptick in eCrime cyber activity; retail comes
back as one of the top targeted industries this year
CrowdStrike® Inc. (Nasdaq: CRWD), a leader in cloud-delivered
endpoint protection, today announced the release of the Falcon
OverWatch™ 2019 Mid-Year Report: Observations From the Front Lines
of Threat Hunting. The report comprises threat data from
CrowdStrike Falcon OverWatch, CrowdStrike’s industry-leading
managed threat hunting team. The annual report details several of
the sophisticated intrusions the team has encountered and provides
insights into notable targeted, state-sponsored and criminal
campaigns the team investigated during the first half of 2019. The
report also includes information on key trends in adversary
activity and offers recommendations for defending against the
prevalent tools, techniques and procedures (TTPs) attackers are
using.
As Gartner states in the 2019 Magic Quadrant for Endpoint
Protection Platforms[i], “The skills requirement of EDR solutions
compounded by the skills gap in most organizations is an impediment
to the adoption of EDR in the mainstream market. As a result,
product vendors are increasingly offering a fusion of products and
services ranging from light incident response and monitoring
through full managed detection and response and consultative
incident response services.” OverWatch comprises an elite
team of cross-disciplinary specialists that offer customers full
managed detection and response, harnessing the massive power of the
CrowdStrike Falcon® platform’s cloud-native architecture to gain
rapid visibility into the CrowdStrike Security Cloud community.
Armed with massive datasets collected and analyzed by CrowdStrike
Threat Graph®, combined with contextualized threat intelligence,
CrowdStrike’s team of threat hunters continuously tracks,
investigates and stops sophisticated threat activity in customer
environments.
With CrowdStrike’s industry-leading cloud-scale telemetry of
over two trillion endpoint events collected per week and detailed
tradecraft on more than 120 adversary groups, OverWatch provides
organizations with the comprehensive ability to see and stop the
most sophisticated breaches.
“Over the first half of 2019, OverWatch has regularly observed
attackers using valid accounts to access compromised endpoints.
Upon entry, we’ve seen both eCrime and nation-state actors maintain
a strong foothold in networks through the use of stealthy tactics.
It’s obvious that attackers are continuing to ramp up in both their
brazen behavior and sophisticated means,” said Jennifer Ayers, vice
president of OverWatch and Security Response. “In the continually
changing IT environment, where end users are no longer behind the
VPN, it’s critical for organizations to adopt modernized threat
prevention to defend against more sophisticated threats that go
beyond malware with fileless attacks, zero-days and other advanced
techniques.”
Some of the most notable report findings include:
- A massive uptick in targeted intrusions from eCrime
adversaries. OverWatch has seen a large increase in intrusion
activity from eCrime actors in the first half of 2019, accounting
for the majority of detected intrusions. This is in stark
contrast to last year, but does not indicate a reduction in
state-sponsored activity overall. Rather, it reflects a continued
shift in eCrime adversary behavior to focus more on leveraging
nation-state style intrusions versus targeted spray-and-pray
attacks in pursuit of more and larger payouts.
- Retail replaces hospitality as one of the top ten targets
within the first half of 2019. Quiet in past years, this industry
has now come into clear focus as one of the most lucrative
targets. eCrime campaigns, and ransomware in particular, are on
the rise overall, and the retail vertical has received a significant
share of new attention from eCrime actors.
- Other industries such as technology, telecommunications,
financial and non-governmental organizations (NGOs) remain some of
the most highly targeted verticals in both 2018 and 2019.
- China remains one of the most active adversaries.
Similar to prior years, Chinese nation-state adversaries were the
most active out of all the nation-state actors observed so far this
year. CrowdStrike has observed China target the most industries
across the board including chemical, gaming, healthcare,
hospitality, manufacturing, technology and telecom.
As we move into the latter half of 2019, OverWatch continues to
observe targeted adversaries employ creative techniques to avoid
detection and perform actions on objectives. The threat hunting
endpoint data collected via the cloud-native technology of the
Falcon platform provides invaluable information and actionable
insights to identify sophisticated adversaries, the TTPs they
employ, and the evasion techniques they commonly turn to. It’s
imperative that organizations looking to increase their security
hygiene deploy threat hunting teams to rapidly detect, investigate
and remediate intrusions.
For additional information, read a blog from the OverWatch team:
Observations From the Front Lines of Threat Hunting.
You can also download a complimentary copy of the full report on
the CrowdStrike website.
This August, CrowdStrike was positioned by Gartner, Inc. in the
Leaders quadrant of the Magic Quadrant for Endpoint Protection
Platforms.[i] The report, which evaluates vendors based on
completeness of vision and their ability to execute, positioned
CrowdStrike furthest for completeness of vision in the entire Magic
Quadrant.
[i] Gartner “Magic Quadrant for Endpoint Protection Platforms”
by Peter Firstbrook, Dionisio Zumerle, Prateek Bhajanka, Lawrence
Pingree, Paul Webber, 20 August 2019.
Disclaimer
Gartner does not endorse any vendor, product or service depicted
in its research publications, and does not advise technology users
to select only those vendors with the highest ratings or other
designation. Gartner research publications consist of the opinions
of Gartner's research organization and should not be construed as
statements of fact. Gartner disclaims all warranties, expressed or
implied, with respect to this research, including any warranties of
merchantability or fitness for a particular purpose.
About CrowdStrike
CrowdStrike® Inc. (Nasdaq: CRWD), a global cybersecurity leader,
is redefining security for the cloud era with an endpoint
protection platform built from the ground up to stop breaches. The
CrowdStrike Falcon® platform’s single lightweight-agent
architecture leverages cloud-scale artificial intelligence (AI) and
offers real-time protection and visibility across the enterprise,
preventing attacks on endpoints on or off the network. Powered by
the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon
correlates over two trillion endpoint-related events per week in
real time from across the globe, fueling one of the world’s most
advanced data platforms for security.
With CrowdStrike, customers benefit from better protection,
better performance and immediate time-to-value delivered by the
cloud-native Falcon platform.
There’s only one thing to remember about CrowdStrike: We stop
breaches.
Qualifying organizations can gain full access to Falcon Prevent™
by starting a free trial.
Learn more: https://www.crowdstrike.com/
Follow us: Blog | Twitter
© 2019 CrowdStrike, Inc. All rights reserved. CrowdStrike, the
falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are
marks owned by CrowdStrike, Inc. and registered with the United
States Patent and Trademark Office, and in other countries.
CrowdStrike owns other trademarks and service marks, and may use
the brands of third parties to identify their products and
services.
View source version on businesswire.com: https://www.businesswire.com/news/home/20191001005476/en/
Media CrowdStrike, Inc. Ilina Cashiola 202-340-0517
Ilina.cashiola@crowdstrike.com