A new report has found that cyber adversaries continue to be both relentless and innovative in their efforts to find vulnerabilities within organisations' IT infrastructure.
The CrowdStrike Services Cyber Front Lines Report, which offers observations drawn from the company's incident response and proactive services, found that over a third of the incidents investigated (36%) were caused by ransomware, destructive malware or denial of service attacks.
“While the adversary’s main goal in a ransomware attack is financial gain, the impact of disruption to a business can often outweigh the loss incurred by paying the ransom,” the report said.
Data theft was also observed in a quarter of the breaches investigated, including the theft of personally identifiable information (PII), personal health information (PHI) and intellectual property (IP).
The report noted that IP theft has been linked to multiple nation-state adversaries that specialise in targeted intrusion attacks, whilst PII and PHI data theft has been connected to both espionage and criminally motivated operations.
“Typically, this type of data may be used by a cyber espionage actor to build a dossier on a high-profile target, or a cybercriminal may sell or ransom the information,” the report explained.
Another key finding was an increase in dwell time from 85 days in 2018 to 95 days in 2019, meaning that adversaries were able to hide their activities from defenders for much longer and that organisations still lack the technology necessary to harden network defences, prevent exploitation and mitigate cyber risk.
The report found that patching remains a problem, with organisations still struggling to identify vulnerabilities, prioritise critical systems and deploy patches.
As a result, organisations continue to suffer from ransomware attacks and malware that use exploit kits designed to identify and exploit the vulnerabilities found within unpatched systems.
“The CrowdStrike Services Cyber Front Lines Report offers organizations valuable takeaways to increase proactive security measures aimed at creating a more cyber-resilient environment. As adversaries are stealthier than ever, with new attack vectors on the rise, we must remain agile, proactive and committed to defeat them. They still seek the path of least resistance — as we harden one area, they focus on accessing and exploiting another,” said Shawn Henry, chief security officer and president of CrowdStrike Services.