New research from CrowdStrike has revealed that ransomware remained the top threat targeting businesses last year, followed by banking trojans and malware downloaders.
The cybersecurity firm's 2020 CrowdStrike Global Threat Report found that financially motivated cybercrime activity occurred on a nearly continuous basis last year.
CrowdStrike observed an uptick in the number of ransomware incidents, advancements in the tactics being used by cybercriminals and increasing ransom demands from eCrime actors. These cybercriminals have also begun conducting data exfiltration with the aim of weaponizing sensitive data through threats of leaking either embarrassing or proprietary information.
Nation-state adversaries were also quite active throughout 2019 and they targeted a wide range of industries. CrowdStrike's report found that the telecommunications industry was targeted with increased frequency by threat actors such as China and North Korea. CrowdStrike Intelligence believes that China and other nations have an interest in targeting this sector in order to steal intellectual property and competitive intelligence.
According to the report, the trend toward malware-free tactics also accelerated last year with malware-free attacks surpassing the volume of malware attacks. In 2019, 51 percent of attacks used malware-free techniques compared to 40 percent in 2018 and this underscores the need for businesses to move beyond traditional antivirus solutions.
When it came to ransomware attacks, the industries targeted included local governments and municipalities, academic institutions, the technology sector, healthcare, manufacturing, financial services and media companies.
To combat threats from sophisticated nation-state and eCrime adversaries, CrowdStrike recommends that businesses adopt the 1-10-60 rule: organizations should be able to detect intrusions in under one minute, investigate in 10 minutes, and contain and eliminate the adversary in 60 minutes. Organizations that meet this benchmark are much more likely to eradicate threats before they can spread from their initial entry point.
Adam Meyers, vice president of intelligence at CrowdStrike, provided further insight on the findings of the firm's report, saying:
"2019 brought an onslaught of new techniques from nation-state actors and an increasingly complex eCrime underground filled with brazen tactics and massive increases in targeted ransomware demands. As such, modern security teams must employ technologies to detect, investigate and remediate incidents faster with swift preemptive countermeasures, such as threat intelligence, and follow the 1-10-60 rule."