New Report Reveals
Cyber attacker’s new playbook
When it comes to getting ahead of the cyber attacker’s playbook, the recent “Global Threat Report” by CrowdStrike sheds some helpful light to get us going.
A first look at the Report’s numbers shows that less malware, more interactive intrusions, and big game hunting lead the way. This approach was successful and resulted in an 82% increase in ransomware-related data leaks in 2021.
Furthermore, 62% of attackers avoided using malware for the initial compromise and 45% of incidents were conducted via interactive intrusion, with fingers on the keyboard, to infect the system.
Also noted by CrowdStrike, cyber criminals are taking control of disclosure and negotiation. They are using the data they steal from companies against them, it is no longer only about the system or encrypting data.
While in the past a company could protect itself by disclosing a breach and blaming cyber criminals, now they are finding themselves in a bigger challenge due to the way attackers are using their data. The adoption of extortion highlights how attackers change to adapt to the cybersecurity measures companies take to defend themselves. What this means for companies is the need to update the way you protect your data and how you want to plan for breach notifications when it happens.
The more steps you take to stay ahead of needing to give in to extortion or losing data to it, in addition to being able to prepare for a potential data leak or system shut down, the more likely you can defend your operations and stay in business, without too much damage (financial and reputational damage). Staying ahead of the tricks cyber criminals have included in their playbook shouldn’t be a challenge for those who keep in mind the value data is and the way it can be used against you (against the company).
Other important data from the report reveals that the industrial and engineering sector suffered the most attacks with ransomware-linked data leaks above 400 incidents compared to 230 in 2020. Manufacturing came in second with 300 data leaks and technology firms had more than 200 data leaks.
Additionally, the report shows that targeted attacks increased to 18% of the total incidents investigated in 2021, compared to 13% in 2020. Luckily, hacktivism-related threats remained at 1%. On the other hand, e-crime and unattributed threats fell slightly. This is good since they make up the majority of incidents.
Another data point to support your cybersecurity efforts in getting to know the attacker’s playbook is the key theme for 2021, which involves cyber criminals consistently moving operations to new approaches or malware when possible. The new tactics, techniques and procedures (TTPs) used in 2021 helped cyber criminals to extort their victims, these TTPs involve cyber criminals making their own tools to steal data and/or setting up new marketplaces where they can sell the data.
You may want to start considering getting eyes in these marketplaces to get an idea of the type of data the cyber criminals are after, or it could also give you insights on the new tools they may be looking to use.
The last aspect you want to take note of when it comes to the cyber attacker’s playbook is their weaponizing of data. When companies don’t pay the ransom, cybercriminals have been leaking data. Sometimes they even add denial-of-services (DoS) attacks to get back at companies that won’t pay.
Ransomware and e-mail compromises continue to be a common threat, which means testing and patching systems continue to be of the utmost importance. Also, don’t forget software vulnerabilities, which are being exploited by ransomware attackers.
Lastly, cyber criminal’s “breakout time”, which is the time it takes an attacker to move from one compromise to infect other computers on the network was 1 hour and 38 minutes in 2021, and 1 hour and 32 minutes in 2020 according to the CrowdStrike measurement.
Any business that wants to stay ahead of the cybersecurity game will want to take note to better prepare. You can only win a fight if you know defense, offense and how to change things up last minute. Preparation is key, alongside being proactive with knowing what attacks to expect.
Let’s talk about your cybersecurity posture and how it is keeping up with the cyber attacker’s playbook. Schedule your free consultation: https://calendly.com/ncxgroup
Photo courtesy of alphaspirit.it