CrowdStrike Report: eCrime Actors Drove Cyber Intrusions in 2020
Approximately 80 percent of cyber intrusions uncovered in 2020 were linked to eCrime actors, according to the CrowdStrike 2021 Global Threat Report. eCrime actors also look poised to increasingly launch cyberattacks against global organizations this year.
In addition, CrowdStrike’s report highlighted various cyber threat trends, including:
1. Cybercriminals Use Coronavirus (COVID-19) Themes to Attack Healthcare Organizations
COVID-19 phishing campaigns and lures were frequently used in 2020. eCrime and targeted intrusion adversaries have often attacked the healthcare sector throughout the pandemic, and this trend could continue throughout 2021.
2. StellarParticle Adversaries Eye Supply Chain Attacks
Cybercriminals used the StellarParticle activity cluster to distribute and install malicious code during SolarWinds Orion supply chain attacks. StellarParticle actors may launch supply chain attacks that pose risks to organizations across all sectors this year.
3. Big Game Hunters Leverage Data Extortion
Big game hunters are “a pervasive threat to companies worldwide across all verticals,” CrowdStrike noted. They have commonly used data extortion to pressure victims into making ransom payments.
4. Rising Use of Access Brokers
Many big game hunter actors and ransomware attackers are using access brokers during their cyberattacks. Access brokers typically gain backend access to corporations, government entities and other organizations and sell this access via criminal forums or private channels.
5. Malware Obfuscation Integrated into Build Processes
Hackers are integrating open-source tools into their build processes to protect and obfuscate their malicious payloads. However, this tactic may not be widely adopted by less sophisticated threat groups, CrowdStrike indicated.
Furthermore, CrowdStrike offered the following recommendations to help organizations address potential weaknesses before they can be leveraged by attackers:
- Maintain visibility across all IT environments
- Use multi-factor authentication and privileged access management processes
- Conduct continuous threat hunting
- Collect and analyze threat intelligence
- Establish a cybersecurity policy that accounts for remote workers
A culture of cybersecurity can help organizations combat cyberattacks as well, CrowdStrike said. This culture promotes cybersecurity education and training and ensures all personnel can work together to minimize cyber risk.