Threat Management

Cyberattacks increase as lines blur between state-sponsored and tradecraft attacks, report finds

Researchers have noted an uptick in threats from multiple Chinese adversaries, more cryptominers, and cyberattacks targeting the biotechnology sector, as the line between state-sponsored attacks and eCrime tradecraft continues to blur.

CrowdStrike researchers attributed nearly half (48 percent) of the intrusions they detected to state-sponsored actors, 33 percent to unknown actors, and 19 percent to eCrime, according to the firm's OverWatch Report.

The report provides insight into intrusion trends and highlights the top threats and most-targeted industries, based on more than 25,000 attempted intrusions.

Nearly all of these attacks (97 percent) targeted Windows systems; the most-targeted sectors included policy NGOs, biotechnology, and technology companies.

To carry out these intrusions, threat actors used novel tactics and showed particular creativity and persistence in defense-evasion and credential-access TTPs, such as using the Windows Sysinternals tool Active Directory Explorer (AD Explorer) for one-time credential dumping, the report stated.

Researchers also noted an uptick in attacks targeting the technology, professional services, hospitality, and defense and federal government sectors, as well as non-governmental organizations.

The rise in cryptocurrency prices in 2017 was another contributing factor: it drove an uptick in cryptocurrency-miner attacks and encouraged some actors to shift away from their traditional objectives to chase digital currency, CrowdStrike said.

In one intrusion the report singles out, an unknown adversary established persistence on the host of a senior executive in the organization: the Windows Registry had been modified so that PowerShell commands ran whenever Explorer was launched. The report excerpt does not name the registry key involved.
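One way to hunt for that class of persistence on a Windows host, as an added example that is not part of the article or of CrowdStrike's report: the PowerShell script below checks several registry locations that can cause a command to run when explorer.exe starts and flags values that invoke PowerShell. Because the article does not say which key the adversary modified, the set of locations and the detection pattern are the editor's assumptions, drawn from commonly abused autostart locations.

```powershell
# Added example, not from the OverWatch report. The key list and the regex below
# are the editor's assumptions: the article does not say which key was modified.
$Targets = @(
    # Winlogon\Shell is "explorer.exe" by default; "explorer.exe,powershell ..." runs both.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    # An Image File Execution Options Debugger is launched in place of explorer.exe.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe'; Name = 'Debugger' },
    # The Windows\Load value is executed at logon alongside Explorer.
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'; Name = 'Load' },
    # Run keys: every value is checked ('*').
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = '*' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = '*' }
)

# Strings that commonly appear in a PowerShell-based persistence command line.
$Pattern = 'powershell|pwsh|-enc|encodedcommand|iex\b|invoke-expression|frombase64string|downloadstring'

function Find-ExplorerPersistence {
    foreach ($t in $Targets) {
        if (-not (Test-Path -LiteralPath $t.Path)) { continue }
        $item = Get-ItemProperty -LiteralPath $t.Path -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        # Drop the PSPath/PSParentPath/... properties the registry provider adds.
        $props = $item.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
        if ($t.Name -ne '*') { $props = $props | Where-Object { $_.Name -eq $t.Name } }
        foreach ($p in $props) {
            $data = [string]$p.Value
            $suspicious = $data -match $Pattern
            # Winlogon\Shell should be exactly explorer.exe; anything appended is a finding.
            if ($p.Name -eq 'Shell' -and $data.Trim() -ne 'explorer.exe') { $suspicious = $true }
            # A debugger registered for explorer.exe is almost never legitimate on a workstation.
            if ($p.Name -eq 'Debugger' -and $data) { $suspicious = $true }
            [pscustomobject]@{
                Key        = $t.Path
                Value      = $p.Name
                Data       = $data
                Suspicious = $suspicious
            }
        }
    }
}

Find-ExplorerPersistence | Where-Object { $_.Suspicious } | Format-Table -AutoSize
```

Run it in an elevated session so the HKLM locations are readable. The HKCU entries reflect only the account running the script; for a full audit of a multi-user host, load the other users' NTUSER.DAT hives (or query them under HKU:) and repeat the checks. Run keys legitimately carry installed software, so compare flagged entries against a known-good baseline rather than treating every hit as a compromise.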

“Industrial espionage is the likely motive behind these attacks,” researchers said in the report. “During the rollout of the Falcon platform to one such customer in the first quarter of 2018, OverWatch was able to quickly identify an existing breach.”

Researchers added that they see no evidence suggesting these trends will change significantly over the next several months.
