Attackers Increasingly Focus on Business Disruption

Network intruders are staying undetected for an average of 95 days, enabling them to target critical systems and more completely disrupt business.

More cyberattackers are targeting large companies with stealthier attacks, aiming to significantly disrupt businesses and force them to pay higher ransoms, according to a report summarizing more than 300 breach investigations.
The CrowdStrike Services Cyber Front Lines Report found that 36% of incidents aimed to disrupt business or operations. While companies are getting better at detecting attacks using their own people and systems —79% of attackers were discovered internally, the highest rate in three years — the number of days attackers went undetected increased to 95, up from 85 days in 2018, CrowdStrike found.
The result is that malicious attackers have more time to attack operations and cause more disruption, says Thomas Etheridge, vce president of services at CrowdStrike.
Not all of these threat actors are deploying ransomware, but they were really focused on disrupting the business ability to perform business, he says. That disruption was behind higher ransom amounts and the decision to often pay the ransom.
The reports findings highlight how last years steady beat of ransomware headlines became a trend. From the
coordinated attacks on Texas towns
to a focus on
local school districts
, reports of ransomware attacks exploded in 2019. While successful attacks have decreased in number by some accounts, attackers are focusing on larger targets and threatening to do greater damage. Called big-game hunting by many firms, the revised strategy is about minimizing effort and maximizing the profit from criminal activity.
That type of access that the attacker has, it really gives them the flexibility to understand where the critical data assets are, what approach they are going to take to encrypt those assets, where the backups are stored — and that really puts the customer at a disadvantage, Etheridge says.
While the increase in disruptive attacks is the main theme of CrowdStrikes report, a number of other trends are highlighted as a well. The company found, for example, that a legitimate tool for scanning Active Directory stores, known as Bloodhound, had been co-opted by attackers to speed their movement across networks.
The company also urged companies to better secure their cloud services, especially infrastructure-as-a-service (IaaS) infrastructure. Attackers are already targeting API keys, which are used to allow programs to access and incorporate features from the cloud.
Static keys pose a significant risk because they allow enduring access to large amounts of often sensitive data, the report states. Instead, use ephemeral credentials for automated cloud activity and enforce the usage of these credentials only from authorized IP address space.
Finally, Macs are now on the menu for attackers, CrowdStrike says.
The increasing popularity of macOS systems in organizations, combined with insufficient macOS endpoint management and monitoring, have made Macs lucrative targets for threat actors, the report states. Once inside a victim environment, the Services team has observed threat actors leveraging legitimate user credentials and native macOS utilities to move laterally and persist there while evading detection.
In terms of disruptive attacks, the manufacturing sector found itself most often successfully targeted by ransomware and other business-disrupting malware, according to
CrowdStrikes report
. Healthcare had the second highest number of disruptive incidents, followed by government organizations and information-technology companies.
Attackers often used spear-phishing attacks for the initial compromise, the company found. In just over a third of cases (35%), spear-phishing e-mails or messages gave attackers initial access to the victims systems. Attackers also sought out legitimate credentials to allow them to move around networks. Collecting credential dumps and attempting to discover accounts were the No. 1 and No. 3 attack techniques.
Companies that deploy a handful of defenses could fend off many of the attacks detected by CrowdStrike. Multifactor authentication on all public-facing portals, for example, will prevent attackers from gaining easy access through stolen credentials. Network segmentation helps prevent attackers from easily moving around a network following a compromise.
These methods can help organizations improve their security posture, Etheridge says. Organziations are better able to self-detect the attackers in their environment, so we expect attackers to continue to use more stealthy techniques to increase their dwell time.
Related Content:
State of the Cloud
Targeted Ransomware Attacks Show No Signs of Abating
How Data Breaches Affect the Enterprise
Ransomware Attack Hits Las Cruces, New Mexico Public Schools
Texas Towns Recover, but Local Governments Have Little Hope for Respite from Ransomware
Attacker Dwell Time Average Dips Slightly to 86 Days
Check out The Edge, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
6 Unique InfoSec Metrics CISOs Should Track in 2020
.

Last News
▸ Signs Point to Intel-Based Defense Strategy. ◂ Discovered: 26/12/2024 Category: security	▸ Feds: Liberty Reserve laundered $6 billion ◂ Discovered: 26/12/2024 Category: security	▸ U.S. Military Secrets Stolen by Chinese Hackers ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Attackers Increasingly Focus on Business Disruption