CrowdStrike's 2022 Global Threat Report describes last year as one in which cyber gangs reached a new level of business sophistication: some evaded law-enforcement and other actions that threatened their existence, while others rebranded their operations to survive.
Among the developments that stood out was an 82 percent increase in ransomware-related data leaks in 2021: 2,686 as of December 31, 2021, compared with 1,474 in 2020. The jump, CrowdStrike said, serves as a "stark reminder" of the high value cyber crews place on personal data. It came despite efforts by law enforcement to seize ransom payments and other stolen money before the criminals could secure them.
Here are some of the report's top-line findings for 2021:
- 2,721 Big Game Hunting incidents in 2021.
- On average over 50 targeted ransomware events per week.
- Ransomware-related demands averaged $6.1 million per ransom, up 36 percent from 2020.
- Of all detections indexed in the fourth quarter of 2021, 62 percent were malware-free, meaning no malicious file was involved and the intruders relied on valid credentials and legitimate tooling instead.
- Adversaries are increasingly exploiting stolen user credentials and identity to bypass legacy security solutions.
Among the roughly 170 nation-state and cyber-criminal groups CrowdStrike tracked in 2021, the company highlighted the following:
- Intrusions attributed to eCrime accounted for nearly half (49%) of all observed activity.
Among the four most dangerous nation-state adversaries:
- Iran-based adversaries adopted ransomware as well as "lock-and-leak" disruptive information operations, using ransomware to encrypt target networks and then leaking victim information through actor-controlled personas or entities.
- In 2021, China-nexus actors emerged as the leader in vulnerability exploitation and shifted tactics toward internet-facing devices and services such as Microsoft Exchange. China-nexus actors exploited 12 vulnerabilities published in 2021.
- Russia-nexus adversary Cozy Bear expanded its targeting of IT to include cloud service providers, exploiting trusted relationships to reach additional targets through lateral movement.
- North Korea targeted cryptocurrency-related entities in an effort to maintain illicit revenue generation during economic disruptions caused by the COVID-19 pandemic.
- eCrime actors, including affiliates of Doppel Spider and Wizard Spider, adopted Log4Shell as an access vector to enable ransomware operations. State-nexus actors, including Nemesis Kitten (Iran) and Aquatic Panda (China), were also linked to probable Log4Shell exploitation before the end of 2021.
“As cyber criminals and nation-states around the world continue to adapt in the changing, interconnected landscape, it’s critical that businesses evolve to defend against these threats by integrating new technologies, solutions and strategies,” said Adam Meyers, senior vice president of intelligence at CrowdStrike. “The annual Global Threat Report paints a picture that shows enterprise risk is coalescing around three critical areas: endpoints, cloud workloads, identity and data, and provides a valuable resource for organizations looking to bolster their security strategy.”
In its report, CrowdStrike offered cyber defenders nine recommendations to best arm themselves for attacks:
- Protect all workloads. You must secure all critical areas of enterprise risk: endpoints and cloud workloads, identity and data.
- Know your adversary. If you know the adversaries that target the industry or the geolocation your organization resides in, you can prepare yourself to better defend against the tools and tactics they employ.
- Be ready when every second counts. Speed often dictates success or failure. It’s especially true in cybersecurity where stealthy breaches can occur in a matter of hours with devastating consequences.
- Stop modern attacks. Nearly 80% of cyber attacks leverage identity-based attacks to compromise legitimate credentials and use techniques like lateral movement to quickly evade detection.
- Adopt zero trust. Because today’s global economy requires data to be accessible from anywhere at any time, it is critical to adopt a Zero Trust model.
- Monitor the criminal underground. In addition to monitoring your own environment, security teams must be vigilant and monitor activity within the criminal underground.
- Eliminate misconfigurations. The most common causes of cloud intrusions continue to be human errors such as omissions introduced during common administrative activities.
- Invest in elite threat hunting. The combination of technology with expert threat hunters is absolutely mandatory to see and stop the most sophisticated threats.
- Build a cybersecurity culture. User awareness programs should be initiated to combat the continued threat of phishing and related social engineering techniques.
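The malware-free figure in the findings above and the "Stop modern attacks" recommendation both describe the problem, valid credentials plus lateral movement, without showing what a defender actually looks for in telemetry. The following is an added example and is not code from CrowdStrike or its report: a small Python detector that reads constructed Windows logon records (flattened to one whitespace-separated line per event) and flags any account that reaches an unusual number of distinct hosts with valid credentials inside a short window. The account names, hostnames, the flattened log format and the KNOWN_FANOUT_ACCOUNTS baseline are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not real telemetry). Each
# line mimics a successful Windows logon (Security event 4624) flattened to:
#   <ISO timestamp> <account> <source host> <destination host> <logon type>
# Logon type 2 is a local console logon, 3 is a network logon (SMB, WMI,
# PsExec-style remote execution) and 10 is RemoteInteractive (RDP). No
# malware file appears anywhere below: the signal lives in identity telemetry.
SAMPLE_EVENTS = """
2021-12-12T08:58:10 jdoe WS-0142 WS-0142 2
2021-12-12T09:00:03 jdoe WS-0142 FILESRV-01 3
2021-12-12T09:00:41 jdoe WS-0142 FILESRV-02 3
2021-12-12T09:01:07 jdoe WS-0142 HR-DB-01 3
2021-12-12T09:01:55 jdoe WS-0142 DC-02 3
2021-12-12T09:02:30 jdoe WS-0142 FIN-APP-01 10
2021-12-12T09:03:12 jdoe WS-0142 BACKUP-01 3
2021-12-12T09:05:00 asmith WS-0207 FILESRV-01 3
2021-12-12T09:06:10 asmith WS-0207 PRINT-01 3
2021-12-12T09:10:00 svc_backup BACKUP-01 FILESRV-01 3
2021-12-12T09:10:05 svc_backup BACKUP-01 FILESRV-02 3
2021-12-12T09:10:09 svc_backup BACKUP-01 HR-DB-01 3
2021-12-12T09:10:14 svc_backup BACKUP-01 FIN-APP-01 3
2021-12-12T09:10:20 svc_backup BACKUP-01 DC-02 3
2021-12-12T14:00:00 jdoe WS-0142 FILESRV-01 3
""".strip().splitlines()

# Logon types that represent one host reaching another over the network.
REMOTE_LOGON_TYPES = {3, 10}

# Hypothetical baseline (an assumption for this example): accounts whose job
# legitimately fans out across many hosts, such as backup or patching
# services. Without it every nightly backup run would page the on-call analyst.
KNOWN_FANOUT_ACCOUNTS = {"svc_backup"}


def parse_event(line):
    """Split one flattened logon line into a dict with a parsed timestamp."""
    ts, account, src, dst, logon_type = line.split()
    return {
        "time": datetime.fromisoformat(ts),
        "account": account,
        "src": src,
        "dst": dst,
        "logon_type": int(logon_type),
    }


def find_lateral_movement(lines, window=timedelta(minutes=10), min_hosts=5,
                          baseline=KNOWN_FANOUT_ACCOUNTS):
    """Return {account: sorted distinct destination hosts} for every account
    that reaches at least `min_hosts` distinct hosts inside any `window`.

    Valid credentials plus fast fan-out is the shape of credential-driven
    lateral movement: each single logon looks legitimate, the sequence does not.
    """
    by_account = defaultdict(list)
    for event in (parse_event(line) for line in lines):
        if event["logon_type"] in REMOTE_LOGON_TYPES:
            by_account[event["account"]].append(event)

    alerts = {}
    for account, events in by_account.items():
        if account in baseline:
            continue
        events.sort(key=lambda e: e["time"])
        start = 0
        # Sliding window over the account's remote logons, ordered by time.
        for end in range(len(events)):
            while events[end]["time"] - events[start]["time"] > window:
                start += 1
            hosts = {e["dst"] for e in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.setdefault(account, set()).update(hosts)
    return {account: sorted(hosts) for account, hosts in alerts.items()}


if __name__ == "__main__":
    for account, hosts in find_lateral_movement(SAMPLE_EVENTS).items():
        print(f"ALERT {account}: {len(hosts)} hosts in 10 min -> {', '.join(hosts)}")
```

Run as a script, this prints a single alert for jdoe, who touches six servers in three minutes from one workstation. The svc_backup account fans out just as fast but is suppressed by the baseline; that tuning step is what separates a usable identity-based detection from a noisy one. In production the window and host thresholds would come from each account's observed history rather than fixed constants, and the source host would be checked against the account's usual workstation as a second signal.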