Cybersecurity expert CrowdStrike has released its CrowdStrike Falcon OverWatch 2020 Threat Hunting Report, which reveals the company has stopped 41,000 potential intrusions in the first half of 2020, compared to the 35,000 it saw in the whole of 2019.
The report found that this significant increase is driven primarily by the continued acceleration of eCrime activity but has also been impacted by the effects of the pandemic, which presented an expanded attack surface as organisations rapidly adopted remote workforces and created opportunities for adversaries to exploit public fear through COVID-19-themed social engineering strategies.
Other findings include:
eCrime continues to outpace state-sponsored attacks: Continuing an upward trend that OverWatch has witnessed over the past three years, eCrime accounts for over 80% of interactive intrusions so far this year.
Cyberthreats continue to follow real-life trends: In 2020, if you became an essential business, you became a prime target for cyberattacks. While intrusion frequencies in the Retail, Hospitality and Aviation industries decreased, the Healthcare, Manufacturing, Financial and Food and Beverage industries all saw an increase.
Targeting of the manufacturing sector increases dramatically: There was a sharp escalation of activity in the manufacturing sector in the first half of 2020 in terms of both the quantity and sophistication of intrusions from both eCriminals and nation-states, making it the second most targeted vertical observed by OverWatch. Last year, it was not even in the Top 10.
China continues its aim at telecommunications companies: The telecommunications industry continues to be a popular target for nation-states, specifically China. OverWatch observed six different China-based actors, whose motivations are likely associated with espionage and data theft objectives, conducting campaigns against telecommunications companies in the first half of the year.
“Just like everything this year, the threat landscape has proven unpredictable and precarious as eCrime and state-sponsored actors have opportunistically taken aim at industries unable to escape the chaos of COVID-19, demonstrating clearly how cyber threat activity is intrinsically linked to global economic and geo-political forces,” said Jennifer Ayers, vice president of OverWatch and Security Response.
“OverWatch threat hunting data demonstrates how adversaries are keenly attuned to their victim’s environment and ready to pivot to meet changing objectives or emerging opportunities. For this reason, organisations must implement a layered defence system that incorporates basic security hygiene, endpoint detection and response (EDR), expert threat hunting, strong passwords and employee education to properly defend their environments.”