CrowdStrike today published its Global Threat Report for 2019. This report shows, among other things, that eCrime is becoming more sophisticated, that there are more and more threats that are very difficult to detect, and that as-a-Service is becoming increasingly popular as a revenue model.
The report also shows that attackers’ motives vary across sectors, although financially driven ransomware attacks – with increasing ransom amounts – occur in all sectors.
For example, technology companies should be wary of intellectual property theft by China, but financial service providers are more sensitive to banking trojans. Hospitals, municipalities and universities, on the other hand, are much more at risk of a ransomware attack, the sole purpose of which is to obtain ransom money. A new development in the latter area is that theft of (privacy) sensitive data is used to put pressure on companies affected by ransomware to pay anyway. According to CrowdStrike, this fits in with a trend in which attackers increasingly use a combination of different techniques to achieve their goal.
There are also a number of striking trends in the CrowdStrike Global Threat Report. For example, many attacks are shifting from malware attacks to malware-free attacks. The latter are now in the majority (51 percent) for the first time worldwide. In these attacks, not a single line of code is placed on a computer, as is the case with malware, making it much more difficult to detect. An example of malware-free attacks is social engineering, after which the found information is used to persuade someone to click on a link or steal someone’s identity.
Enterprise-ransomware, also known as Big Game Hunting (BGH), also continues to grow, simply because it is the most lucrative form of cybercrime. The organisations most affected are local governments, universities, the technology sector, hospitals, industrial companies, financial service providers and media companies.
The three most common techniques that emerged in 2019 are masquerading (an attacker posing as an authorised user), command line interfacing (where attackers execute malicious commands on someone’s computer) and credential dumping (stealing login data, such as passwords). The three most common forms of cybercrime in 2019 are ransomware, banking trojans and malware downloaders. Furthermore, the growth of models such as Malware-as-a-Service and Ransomware-as-a-Service will continue in 2020 as growing profit models of today’s hackers.
As far as nation state actors are concerned, China and North Korea are very interested in stealing intellectual property (IP, Intellectual Property). This mainly concerns the telecom industry, but also sectors such as renewable energy, health care, biotech, pharmaceuticals, aviation and defence are regularly targeted. There is also an increase in Chinese attacks on it North Korea carries out many attacks on cryptovaluta exchanges, probably aimed at obtaining information about the often criminal users of cryptovaluta.