
CrowdStrike compiles 'casebook' of cybersecurity's important lessons

11 Dec 2017

CrowdStrike has compiled a ‘casebook’ of some of cybersecurity’s important lessons on the subjects of state-sponsored attacks, fileless malware and mean time to detect, along with the ultimate finding that organisations are getting better at self-detection.

The company’s annual Cyber Intrusion Services Casebook looks at attack tactics, techniques, procedures and the state of breach readiness across various industries.

According to CrowdStrike Services CSO and president Shawn Henry, organisations need to be aware of emerging attack trends and techniques so they can implement best incident response strategies.

“With cybersecurity becoming a core business issue, CEOs and business leaders need to improve their ability to anticipate threats, mitigate risks, and prevent damage in the wake of a security-related event,” he explains.

The casebook found that the average time between the first evidence of a compromise and its initial detection was 86 days. The company says that the longer an attacker can ‘dwell’ in an environment, the more opportunity that attacker has to find, exfiltrate and destroy data or operations.

However, organisations are getting better at detecting attacks internally. In 68% of the reviewed cases, the affected organisations were able to identify the breach themselves, up from 11% in previous years.

The casebook also suggests that nation-state sponsored attacks and other cybercriminals are starting to merge.

“Both threat groups increasingly leverage similar tactics such as fileless malware and ‘living off the land’ techniques involving processes native to the Windows operating system, including PowerShell and WMI (Windows Management Instrumentation),” the company says.

The casebook found that fileless and malware-free attacks, such as those that execute code directly from memory, made up 66% of all attacks. This category also includes the use of stolen credentials for remote logins.
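As an added illustration (not part of the CrowdStrike casebook or this article), the following Python snippet runs three simple ‘living off the land’ detection rules over a few constructed Windows process-creation log lines, flagging PowerShell spawned by the WMI provider host, encoded PowerShell command lines, and WMIC-driven process creation. The pipe-separated field layout, hostnames and timestamps are assumptions made for the example, not a real product format.

```python
import re

# Constructed sample telemetry (not real data). Assumed layout:
# timestamp|host|parent_image|image|command_line
SAMPLE_LOG = """\
2017-11-02T09:14:05Z|ws-17|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe notes.txt
2017-11-02T09:15:41Z|ws-17|C:\\Windows\\System32\\wbem\\WmiPrvSE.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -NoP -W Hidden -EncodedCommand QQBCAEMA
2017-11-02T09:16:02Z|ws-17|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -File C:\\scripts\\inventory.ps1
2017-11-02T09:17:30Z|srv-03|C:\\Windows\\System32\\services.exe|C:\\Windows\\System32\\wbem\\WmiPrvSE.exe|wmiprvse.exe -secured -Embedding
2017-11-02T09:18:12Z|srv-03|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic.exe process call create "powershell -nop -w hidden -enc QQBCAEMA"
"""

def _is(image, name):
    return image.lower().endswith(name)

# Each rule is (name, predicate over a parsed event). Rules are deliberately
# narrow: ordinary admin use of PowerShell (line 3 above) must not fire.
RULES = [
    ("powershell_spawned_by_wmi",
     lambda e: _is(e["image"], "powershell.exe") and _is(e["parent"], "wmiprvse.exe")),
    ("powershell_encoded_command",
     lambda e: _is(e["image"], "powershell.exe")
               and re.search(r"(?i)-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{8,}", e["cmdline"]) is not None),
    ("wmic_process_create",
     lambda e: _is(e["image"], "wmic.exe")
               and re.search(r"(?i)process\s+call\s+create", e["cmdline"]) is not None),
]

def parse_event(line):
    """Split one pipe-separated log line into a dict of named fields."""
    ts, host, parent, image, cmdline = line.split("|", 4)
    return {"ts": ts, "host": host, "parent": parent, "image": image, "cmdline": cmdline}

def detect(log_text):
    """Return a list of (timestamp, host, rule_name) for every rule that fires."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        for name, predicate in RULES:
            if predicate(event):
                hits.append((event["ts"], event["host"], name))
    return hits

if __name__ == "__main__":
    for ts, host, rule in detect(SAMPLE_LOG):
        print(f"{ts} {host} {rule}")
```

On the sample above the detector raises three alerts: two for the WMI-spawned, encoded PowerShell launch and one for the WMIC process creation, while the benign inventory script is not flagged.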

“Based on the CrowdStrike Services team’s extensive experience, this Casebook informs not only security professionals, but also executives, boards of directors and shareholders on how to prepare for and respond to intrusions in a more effective manner,” Henry continues.

CrowdStrike states that organisations must improve their resiliency if they are to protect against sophisticated threat actors.

“Relying on traditional security measures, tools and approaches is no longer effective in the face of modern cyber threats. As attacks continue to become more sophisticated and prolific, organizations must evolve their security strategies to proactively prevent, detect and respond to all attack types, including fileless malware and malware-free attacks,” the company states.

In August 2017 CrowdStrike announced expansion into the Asia Pacific market.

“The CrowdStrike Falcon platform delivers to customers maximum protection against modern-day threats, along with best-in-class performance, efficacy, and efficiency,” commented CrowdStrike APAC vice president Andrew Littleproud.

“This powerful combination has allowed us to set a new standard in endpoint security, which is driving incredible momentum in our sales across APAC. We are excited to expand our presence in APAC countries and will continue to invest within the region throughout the rest of 2017.”

The company opened its APAC headquarters in 2017. Since then, the company has made strategic hires to continue its investment in the region.
