Malicious hackers are honing their tradecraft, reducing the time it takes to move from an initially compromised host machine to other components of an enterprise network, CrowdStrike says.

Enterprises monitored by CrowdStrike’s Falcon OverWatch threat hunters faced 77,000 attempts of hands-on, interactive intrusions, or approximately one potential intrusion every seven minutes, between July 1, 2021, and June 30, 2022 — a 50 per cent year-over-year increase, according to a new report from the cyber security vendor.

Breakout time, or the time an adversary takes to move laterally from an initially compromised host to another host within the victim’s environment, fell to one hour and 24 minutes compared to one hour and 38 minutes during the year-earlier period, demonstrating that adversaries continue to sharpen their tradecraft, according to CrowdStrike.
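Breakout time is a metric defenders can compute from their own endpoint telemetry, not only read from a vendor report. The following added example (not code from the article or from CrowdStrike) shows the calculation over a small, constructed set of detection events: for each intrusion it takes the earliest event on the first host seen and measures the gap to the earliest event on any other host, then reports the median across intrusions. The event tuples, intrusion IDs and host names are all constructed sample data.

```python
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample telemetry, not real data:
# (intrusion_id, ISO-8601 timestamp, host, event_type)
SAMPLE_EVENTS: List[Tuple[str, str, str, str]] = [
    ("INC-1", "2022-03-04T10:00:00", "ws-01", "initial_access"),
    ("INC-1", "2022-03-04T10:20:00", "ws-01", "discovery"),
    ("INC-1", "2022-03-04T11:24:00", "srv-07", "remote_exec"),   # first move off ws-01
    ("INC-1", "2022-03-04T12:00:00", "dc-01", "remote_exec"),
    ("INC-2", "2022-05-10T08:00:00", "ws-42", "initial_access"),
    ("INC-2", "2022-05-10T09:38:00", "fs-02", "remote_exec"),
    ("INC-3", "2022-06-01T22:00:00", "ws-09", "initial_access"),  # contained before any lateral move
]


def breakout_minutes(events: Iterable[Tuple[str, str]]) -> Optional[float]:
    """Breakout time for one intrusion, in minutes.

    events: (timestamp, host) pairs for a single intrusion, in any order.
    Returns the gap between the earliest event on the first host and the
    earliest event on any *different* host, or None when no lateral movement
    was observed (the intrusion never left its initial host).
    """
    ordered = sorted((datetime.fromisoformat(ts), host) for ts, host in events)
    if not ordered:
        return None
    t0, first_host = ordered[0]
    for t, host in ordered:
        if host != first_host:
            return (t - t0).total_seconds() / 60.0
    return None


def breakout_by_intrusion(rows: Iterable[Tuple[str, str, str, str]]) -> Dict[str, Optional[float]]:
    """Group raw event rows by intrusion ID and compute breakout time for each."""
    grouped: Dict[str, List[Tuple[str, str]]] = {}
    for intrusion_id, ts, host, _event in rows:
        grouped.setdefault(intrusion_id, []).append((ts, host))
    return {iid: breakout_minutes(evs) for iid, evs in grouped.items()}


def median_breakout_minutes(rows: Iterable[Tuple[str, str, str, str]]) -> Optional[float]:
    """Median breakout time across intrusions that actually moved laterally."""
    values = sorted(v for v in breakout_by_intrusion(rows).values() if v is not None)
    if not values:
        return None
    mid = len(values) // 2
    if len(values) % 2:
        return values[mid]
    return (values[mid - 1] + values[mid]) / 2.0


if __name__ == "__main__":
    for iid, minutes in breakout_by_intrusion(SAMPLE_EVENTS).items():
        print(f"{iid}: {'no lateral movement' if minutes is None else f'{minutes:.0f} min'}")
    print(f"median breakout: {median_breakout_minutes(SAMPLE_EVENTS):.0f} min")
```

Intrusions that never leave the initial host are excluded from the median rather than counted as zero, since a zero would make the fleet look worse than it is; the per-intrusion output still lists them so they are not lost.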

The CrowdStrike research defines interactive intrusion activity as malicious activity that involves hands-on-keyboard techniques, where an adversary is actively interacting with and executing actions on a host in pursuit of their objectives. CrowdStrike uses the term e-crime for malicious intrusion activity that is criminally motivated.

“This type of activity is most commonly characterised as intrusions where adversaries are pursuing financially driven objectives, ransomware, of course, being the most prolific example,” said Nick Lowe, director for Falcon OverWatch at CrowdStrike.

The number of interactive intrusions has risen along with an increase in the number of zero-day vulnerabilities and Common Vulnerabilities and Exposures (CVEs). As of September 1, 2022, 13,000 new vulnerabilities had been disclosed for the year, compared to 20,000 publicly disclosed vulnerabilities in all of 2021, OverWatch noted.

OverWatch focuses its hunting operations on post-exploitation behaviours rather than on specific CVEs, Lowe said.

“This approach is critical when one considers those volumes of disclosed vulnerabilities along with some of the observed trends that we see, including exploit chaining, where adversaries are combining multiple discrete series to reach their objectives,” he said.

Adversaries are quick to develop working proofs of concept for newly disclosed vulnerabilities. Zero-day vulnerabilities continue to be a big problem for defenders, particularly those who are focused on individual CVEs, which makes proactive threat hunting necessary as a means of identifying and disrupting as yet unknown malicious activity, Lowe said.

Hackers continuously refine tools, techniques

Malicious actors are continually looking for new tools, according to the CrowdStrike research. Cobalt Strike, for example, is an extremely powerful and robust penetration-testing tool that has been adopted by e-crime actors, who leverage both legitimate licenses and pirated copies of the software.

“Adversaries continue to leverage the tool due to its broad feature set and ability to generate command-and-control (C2) implants that are difficult to detect. Cobalt Strike is the gold standard for adversaries and continues to receive regular updates to combat new defences and detection methods,” CrowdStrike noted in the report.

Adversaries also continue to innovate their tactics to remain under the radar and find new attack vectors as defenders close off old ones.

For example, the CrowdStrike researchers observed an increase in phishing attacks using ISO files for delivery of malicious software, in the wake of Microsoft’s move to disable internet-enabled macros by default in Office documents.

An ISO file is an exact copy of an entire optical disk such as a CD, DVD, or Blu-ray, archived into a single file.

“We are talking really about the abuse of ISO files; this sort of behaviour is another example of the many ways in which adversaries are continuing to really adapt,” Lowe said.

It is essential that organisations combine their technology-based defences with round-the-clock, human-led threat hunting, in order to make sure that they are best prepared to defend against evolving tradecraft, Lowe said.

Besides ISO files, researchers observed adversaries using .lnk (Windows shortcut), .msi (Windows installer) and .xll (Excel add-in) files.

“Adversaries are diversifying their phishing toolkits with the understanding that no one technique can be solely relied upon — rather, multiple tools and techniques are necessary to ensure the best chance of gaining access to today’s hardened environment,” the report noted.
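The attachment types named above (.iso, .lnk, .msi, .xll) are easy to watch for at the mail gateway. The following added example (not code from the article or from CrowdStrike) runs a simple triage over constructed mail-gateway log lines: it extracts the attachment file name from each line, flags the file types the report lists, and additionally calls out a decoy document extension placed in front of the real one (for example a name ending in ".pdf.lnk"), a pattern that makes a shortcut look like a document in clients that hide extensions. The log format, sender and recipient addresses and file names are all constructed for the example; a real gateway will need its own line parser.

```python
import re
from typing import Dict, List, Optional

# Constructed mail-gateway log lines (sample data, not from any real system).
SAMPLE_LOG = """\
2022-09-01T10:01:00Z id=m1 from=billing@example.net to=alice@corp.example attachment="Invoice_4431.pdf"
2022-09-01T10:03:12Z id=m2 from=hr@example.org to=bob@corp.example attachment="Benefits_Update.iso"
2022-09-01T10:05:40Z id=m3 from=it@example.com to=carol@corp.example attachment="Report.pdf.lnk"
2022-09-01T10:07:05Z id=m4 from=vendor@example.net to=dave@corp.example attachment="setup_tool.MSI"
2022-09-01T10:09:59Z id=m5 from=finance@example.org to=erin@corp.example attachment="Q3_Forecast.xll"
2022-09-01T10:11:30Z id=m6 from=team@corp.example to=frank@corp.example attachment="notes.docx"
"""

# File types the report names as phishing delivery vehicles, keyed by
# lower-case extension without the dot, mapped to a label for the alert.
RISKY_EXTENSIONS: Dict[str, str] = {
    "iso": "disk image",
    "lnk": "Windows shortcut",
    "msi": "Windows installer",
    "xll": "Excel add-in",
}

# Benign-looking document/image extensions that adversaries place before the
# real extension to disguise the file (constructed watch list for the example).
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

# Parser for the constructed log format above; adjust for a real gateway.
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+id=(?P<id>\S+)\s+from=(?P<from>\S+)\s+to=(?P<to>\S+)\s+'
    r'attachment="(?P<name>[^"]+)"'
)


def classify_attachment(name: str) -> Optional[str]:
    """Return the risk label for a file name, or None if its extension is not watched."""
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[-1].lower()
    return RISKY_EXTENSIONS.get(ext)


def has_decoy_extension(name: str) -> bool:
    """True for names like 'Report.pdf.lnk' where a document extension precedes the real one."""
    parts = name.lower().split(".")
    return len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS


def triage(log_text: str) -> List[Dict[str, object]]:
    """Scan log lines and return one alert per message carrying a watched attachment type."""
    alerts: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # unparsable line: skip rather than crash the whole run
        name = match.group("name")
        label = classify_attachment(name)
        if label is None:
            continue
        reasons = [f"{label} attachment"]
        if has_decoy_extension(name):
            reasons.append("decoy document extension before real extension")
        alerts.append({
            "id": match.group("id"),
            "to": match.group("to"),
            "attachment": name,
            "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(f"{alert['id']} -> {alert['to']}: {alert['attachment']} ({'; '.join(alert['reasons'])})")
```

Extension matching is case-insensitive on purpose ("setup_tool.MSI" is still flagged). The point of the decoy check is that a plain extension allow-list or deny-list can be fooled by the name alone, so the file name is treated as evidence to be weighed, not as the final verdict; quarantining and detonating the flagged attachments is the follow-up step this example leaves to the gateway.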

Technology industry remains the top target

The technology sector is a popular target for criminals and nation-state adversaries for the fourth year in a row.

“Some of the motivating factors for targeted adversaries that are pursuing objectives against technology targets can include intelligence collections specifically strategic military, economic, or scientific collection requirements, along with attempts to compromise supply chains and trusted relationships,” Lowe said.

The technology sector is the top industry targeted by interactive intrusions, accounting for 19 per cent of all such intrusions in the period studied, according to CrowdStrike.

Interactive intrusion activity against the healthcare sector doubled during the period. Interactive activity against academic entities, on the other hand, increased by around 30 per cent for the period.

Cloud under increasing risk of intrusion

Meanwhile, there is a significant shift under way from on-premises to cloud-based services. Crucial elements of many business processes are on the cloud now, easing file sharing and workforce collaboration.

These same services are increasingly abused by malicious actors, a trend that is likely to continue in the foreseeable future as more businesses seek hybrid work environments, according to new research by CrowdStrike.

“We continue to see increasing efforts on the part of adversaries to target cloud-based assets. So now more than ever, it’s critical for organisations to deploy that mix of technology-based controls and human-led hunting to be best positioned to combat these evolving cloud threats,” Lowe said.

To defend themselves, organisations must invest in learning how to harden the defences of their cloud resources, and not assume the default security settings are the best settings for their organisations, according to CrowdStrike.
