Cybersecurity services provider CrowdStrike said in its latest half-year report that it tracked a big spike in electronic crime (eCrime) exploits in the first half of 2019, and concluded that perpetrators have continued to mature their ability to offer criminal services for hire.
The report says that in cases where attack attribution was possible, targeted eCrime campaigns jumped in the first half of this year as a percentage of campaigns classified by threat type. For the first half of 2019, eCrime accounted for 61 percent of threat campaigns tracked by CrowdStrike, while state-sponsored campaigns made up the other 39 percent.
That’s a big change from the first half of 2018, when the percentages were broadly flipped – with 75 percent of campaigns classified as state-sponsored, and 25 percent as eCrime campaigns.
According to CrowdStrike, eCrime campaigns jumped this year “as a result of eCrime actors continuing to mature their ability to provide commercial access to their tactics, techniques and procedures on a ‘TTPs-for-hire’ basis, and their ongoing pursuit of ‘Big Game Hunting’ operations.” Big Game Hunting refers to targeted, low-volume/high-return ransomware operations.
The rise in eCrime campaigns versus state-sponsored campaigns does not translate into a decline in the latter category, CrowdStrike said.
“Rather, it reflects a continued escalation of eCrime activities, and additional focus by [CrowdStrike’s] OverWatch organization, as the eCrime ecosystem evolves and adversaries escalate their activities in pursuit of more and larger payouts.”
Elsewhere in the report, the firm said that the retail sector has become a more frequent target of eCrime campaigns including ransomware. Other sectors remain highly targeted from last year into 2019, including technology, telecom, financial, and non-governmental organizations, CrowdStrike said.
In terms of recommendations, CrowdStrike encourages basic cyber hygiene and leveraging the capabilities of security tools already at your disposal. Additionally, agencies and organizations should look beyond malware to strengthen defenses against modern attacks and seek assistance from partners to fill skills gaps.
CrowdStrike also recommends pursuing the “1-10-60” rule: detect intrusions in under a minute, perform a full investigation in under 10 minutes, and eradicate the adversary in under 60 minutes.