These 3 Magic Numbers Could Stop Chinese, Iranian And Russian Cyber Attacks

The publication of the annual CrowdStrike Global Threat Report today has exposed two unshakeable cybersecurity truths: cybercriminals will follow the path of least resistance while nation-state actors are both more relentless and sophisticated in their methods. Indeed, the 2020 report has shown that these state-affiliated groups are developing and employing a multitude of new tactics, techniques, and procedures to achieve their end goals. Those end goals, traditionally thought of as revolving around espionage and surveillance, are also changing. Not that the standard-bearer objectives have gone away, far from it, but they have been joined by an increasing desire to sow disruption and conflict among institutions and general populations alike, with political and economic gain the ultimate driver.

To combat the ongoing and sophisticated threat from both nation-states and cybercriminal organizations alike, CrowdStrike recommends employing the 1-10-60 rule: one minute to detect intrusions, ten minutes to investigate and an hour to eliminate the adversary.

The state-sponsored cyberattack landscape
The CrowdStrike analysis of state-sponsored attacks across 2019 suggests that traditional intelligence gathering requirements remain the primary motivation. The U.S. is not averse to cyber-espionage activity itself, of course, as history has taught us. For proof of that, you only need to look at the case of the CIA and its secret purchase of global encryption provider Crypto AG, which allowed backdoored products to spy on more than 100 foreign governments.

According to the CrowdStrike report, Chinese adversaries focused on the telecommunications sector to “support both signals intelligence and further upstream targeting.” Others, such as the Democratic People’s Republic of Korea, focused more on targeting financial services with a specific interest in cryptocurrencies. While assessing the precise motivations behind attacks remains something of a guessing game, CrowdStrike analysts suggest this could represent “additional currency generation operations” as well as industrial espionage.

The Iranian cyber threat
On a country-by-country basis, looking at the most active nation-state adversaries, the CrowdStrike report concludes with high confidence that Iran will continue using cyber-espionage against the Middle East and North Africa (MENA) region and North America. The Iranian Fox-Kitten espionage campaign against the U.S. and Israel, ongoing for the last three years, is a good example of this. The targeting of figures critical to the regime will continue and may extend to social media disinformation campaigns “similar to activity against American audiences during 2019 that was reported to have an Iranian nexus,” the report states.

North Korea targets cryptocurrency exchanges
When it comes to North Korea, there was an elevated operational pace from DPRK-based intrusion campaigns, according to the CrowdStrike analysts. Much of this was targeted at entities within South Korea, but both the U.S. and Japan were targets of intelligence-gathering operations, especially regarding nuclear and sanctions subject matters. Successful U.S. court action that led to the takedown of multiple domains used to conduct DPRK-based phishing campaigns will likely do little to slow such operations down. Operations are likely, according to the report, to continue to target cryptocurrency exchanges.

Chinese disinformation campaigns likely to hit U.S. presidential elections
The targeting of U.S. companies within industries vital to Chinese strategic interests, clean energy, healthcare, and biotechnology among them, by China-based nation-state actors will likely continue. CrowdStrike also warns that China’s disinformation efforts will continue to impact both Hong Kong and Taiwan, but “western companies are likely to be caught in the middle.” The CrowdStrike report also forecasts that China-backed cyber operations will foment unrest and conduct “disinformation campaigns on Western democratic elections,” including the 2020 U.S. presidential election.

Russia has sports in the cyber-crosshairs
Given the World Anti-Doping Agency (WADA) conclusion at the end of 2019 that the Russian Anti-Doping Agency (RUSADA) didn’t comply with international regulations and so Russia would be banned from international competition for four years, CrowdStrike warns that sports will be in the nation-state crosshairs. It has already noted “Russian state-nexus adversaries and pro-Russian information operations” aiming at sports regulatory bodies and warns that the 2020 Tokyo Olympic Games is a likely target.

The importance of breakout times
Breakout time, covering speed from an initial intrusion to achieving lateral movement toward the ultimate objective, is a vital metric for defenders both at organizational and government level. It is this that establishes the parameters of the race between the threat actors and those who would thwart them. Interestingly, the breakout time across all intrusions, criminal as well as state-sponsored, increased from four hours and 37 seconds in 2018, to nine hours in 2019.

That sounds like really good news, but CrowdStrike analysts sound a note of caution as it probably just reflects the “dramatic rise” in cybercrime attacks, which always tend to have longer breakout times when compared to nation-state ones. The analysts state that “data attributable to nation-state activities in 2019 does not suggest any major changes in breakout times among state-affiliated adversaries.”

Pursuing the 1-10-60 rule is vital for cyber-defense
“2019 brought an onslaught of new techniques from nation-state actors and an increasingly complex eCrime underground filled with brazen tactics and massive increases in targeted ransomware demands,” Adam Meyers, vice-president of intelligence at CrowdStrike, said. “Modern security teams must employ technologies to detect, investigate and remediate incidents faster with swift preemptive countermeasures, such as threat intelligence, and follow the 1-10-60 rule,” Meyers concluded.

The cost of not taking this into account could be very high indeed, and not just for government departments. The FBI recently confirmed that reported crimes across 2019 had cost individuals and businesses in the U.S. a combined $3.5 billion (£2.7 billion) in losses. And Christine Lagarde, the head of the European Central Bank, has gone on record to warn that a cyber-attack on a major financial institution could trigger a liquidity crisis.

Maybe those three magic numbers are, at least in part, the solution.

This article was written by Davey Winder from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to ..
