CrowdStrike threat report: Breakout time decreased 67% in 2021

CrowdStrike's latest research shows threat actors have reduced the time it takes
for them to move laterally in victim environments, thanks in part to ransomware
as a service.

By Alexander Culafi, News Writer

Published: 08 Sep 2021

The amount of time it took a threat actor to move laterally across a network
decreased by 67% between 2020 and 2021, according to CrowdStrike's latest Threat
Hunting Report released Wednesday.



The report, titled "Nowhere to Hide, 2021 Threat Hunting Report: Insights from
the Falcon OverWatch Team," is the latest in a series of annual studies
published by CrowdStrike's managed threat hunting team. The roughly 70-page
report covers all manner of insights related to threat response and represents
the period between July 1, 2020 and June 30 of this year.

One of the key statistics in the report involves breakout times -- the time it
takes for a threat actor to move laterally from one compromised host to another
within the same network.

The average breakout time in the past year was 1 hour 32 minutes, down from 4
hours 37 minutes in 2020. The report adds that "OverWatch found that in 36% of
those intrusions, the adversary was able to move laterally to additional hosts
in less than 30 minutes." Conversely, CrowdStrike's 2019 report showed an
increase in breakout time from 1 hour 58 minutes to 4 hours 37 minutes.

Param Singh, vice president of Falcon OverWatch at CrowdStrike, told
SearchSecurity that he sees two reasons why the average breakout time decreased:
ransomware as a service and the move to bigger targets. Specifically, ransomware
as a service has lowered the barrier for would-be cybercriminals to conduct
attacks, and the ecosystem has created more powerful tools and methods to deal
with larger networks.

"If you go back five years, ransomware attackers were going after individuals.
Today, they are going after big healthcare and other big organizations -- big
game hunting. That's one reason," he said. "The other reason is ransomware as a
service, because a lot of these tools are now pre-built for them. And they don't
need to invest time and money and energy into building these tools. They can buy
them off the shelf, which helps them get access into an environment and move
very, very quickly."

Of the intrusions tracked by the Falcon OverWatch team last year, 75% were
financially motivated, 24% were state-sponsored "targeted" intrusions and 1% was
attributed to hacktivism.

The vast majority of nation-state threat activity observed by CrowdStrike in
2020 was attributed to Chinese advanced persistent threat groups.


On the financial front, the Russian cybercrime gang known as Wizard Spider was
by far the most prolific adversary group, with double the number of intrusions
of any other group Falcon OverWatch observed. The group is known for using Conti
and Ryuk ransomware; the latter was called out in the report as a common
ransomware family seen last year.

Russia's representation on the financially motivated cybercrime side contrasts
with nation-state intrusions recorded in the past year. Over half of the
targeted intrusions were credited to China, with non-attributed intrusions, Iran
and North Korea following distantly behind. Russia and Vietnam only carried a
sliver each of the total pie chart seen in the report.

The reason for this, Singh said, has less to do with Russia being less prolific
in cyberespionage and more to do with how Falcon OverWatch tracks intrusions.
Much of what OverWatch tracks are corporate-focused intrusions and threats, and
China has a deeper focus on economic espionage than Russia does. The politically
motivated activity Russia is known for isn't the focus.

"It's not that the attacks are not happening; it's that the motivation for China
versus Russia is different," Singh said. "And Russia is more in the long game.
We do have good visibility when it comes to threat intelligence and other areas
-- for example Cozy Bear and some other things. But when it comes to OverWatch,
we are mostly focused on corporations. And across corporations, you will see
more [attacks attributed to] China because it is economic espionage, whereas if
you're focused more on the think tanks and the political side, you will see more
[attacks attributed to] Russia."

Telecommunications represented a major target of nation-state attacks in the
last year, according to the report, with the number of intrusions doubling year
over year. "China-nexus adversaries" were the main actors responsible, followed
by "Iran-nexus adversaries," CrowdStrike noted.

Infiltrating telecom organizations serves several nation-state objectives.

"Targeted intrusion adversaries will often conduct operations against
telecommunications providers to fulfill their surveillance, intelligence and
counterintelligence collection priorities," the report reads. "This includes
accessing information such as call detail records (CDR) and, in the case of
mobile providers, short message service (SMS) communications."

Common techniques used to gain initial access include supply chain compromise,
spear phishing and vulnerability exploitation.


