Cyber Criminals Catch Up With Nation-States

The trickle-down effect of advanced “military-grade” tools is seeing the gap between cyber-criminal and nation state attack capabilities closing, outpacing many organisations’ defence capabilities

The lines are blurring between statecraft and tradecraft, evolving the cyber threat landscape beyond the defence capabilities of conventional security measures, according to the latest global threat report by security firm CrowdStrike.

In 2017, 39% of all attacks that CrowdStrike observed constituted malware-free intrusions that were not detected by traditional antivirus systems, with the manufacturing, professional services and pharmaceutical industries facing the most malware-free attacks, the report revealed.

CrowdStrike data also indicates that it takes an intruder an average of one hour 58 minutes to begin moving laterally to other systems in the network.

Extortion and weaponisation of data have become mainstream among cyber criminals, the report warned, heavily impacting government and healthcare, among other sectors.

Nation state-linked attacks and targeted ransomware are also on the rise and could be used for geopolitical and even militaristic exploitation purposes, the report said.

Supply chain compromises and crypto fraud and mining will present new attack vectors for both state-sponsored and cyber-criminal actors, the report said.

“We have already seen how cyber criminals can come up with massive, destructive attacks that render organisations inoperable for days or weeks,” said Dmitri Alperovitch, CrowdStrike’s chief technology officer and co-founder.

“Looking ahead, security teams will be under even more pressure to detect, investigate and remediate breaches fast.”

Established and well-resourced cyber operations will continue to innovate, developing new methods of distributing crime-ware and incorporating advanced tactics to infiltrate, disrupt and destroy systems, the report warned.

Adam Meyers, vice-president of intelligence at CrowdStrike, said the lines between nation-state and cyber-crime actors are increasingly blurring, raising the sophistication of threats to a new level.

“Actionable threat intelligence and real-time threat data are crucial in empowering better security and executive decisions,” he said.

Meyers said CrowdStrike’s latest report is aimed at making public and private sector organisations better informed about the tactics, techniques and procedures that attackers are using to enable defenders to allocate the most appropriate defences and resources.

Computer Weekly

You Might Also Read: 

Cyber Criminals Have Access To Weapons Grade Hacking Tools:

Cybercriminals Use Fake Websites:

 

« UK Think Tanks Hacked by Groups in China
The Mysteries Of Crypotocurrencies »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

PROOF

PROOF

PROOF is a Brazilian leader in cybersecurity. Our goal is to assist our Customers in managing security efficiently and in tune with business needs.

Fly Ventures

Fly Ventures

Fly Ventures is a seed-stage venture capital fund for outstanding teams building Enterprise and Deep Tech startups in Europe.

Hold Security

Hold Security

Hold Security works with companies of all sizes to provide unparalleled Threat Intelligence services that actually make a difference.

Client Solution Architects (CSA)

Client Solution Architects (CSA)

Client Solution Architects (CSA) is a leading digital transformation consulting firm focused on the U.S. Defense Department and all U.S. Federal enterprise information technology service areas.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji) (formerly known as HLB Crosbie & Associates) is a well-established firm of accountants and business advisers in Fiji.

Telindus

Telindus

Telindus is the strategic IT partner for the flexible organization of the future. We build optimal IT infrastructure with four components: networking, cloud, cybersecurity and data & AI.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

Vambrace Cybersecurity

Vambrace Cybersecurity

Vambrace is an experienced cybersecurity consultancy and operations outsourcer helping you to secure your business in an increasingly-hostile cyber environment.

EVVO LABS

EVVO LABS

EVVO Labs empower your business with the latest IT capabilities to get you ahead of your competitors. We are experts at converging technologies to build your digital transformation.