October 11, 2018

CrowdStrike Report Reveals Cyber Intrusion Trends from Elite Team of Threat Hunters

Mid-year OverWatch report provides insights into growing intrusion trends; highlights top threats and targeted industries based on reviewing more than 25,000 attempted intrusions

CrowdStrike Inc., the leader in cloud-delivered endpoint protection, has announced the release of its Observations From the Front Lines of Threat Hunting report. The report analyzed threat data from CrowdStrike Falcon OverWatch, the company’s industry-leading managed threat hunting team that detects intrusions by sophisticated and stealthy adversaries, to reveal insights into attacker tactics, techniques, and procedures (TTPs). The report also leveraged CrowdStrike’s industry-leading threat telemetry, which processes 1 trillion security events a week across 176 countries, to provide additional context into the 25,000 attempted intrusions that CrowdStrike OverWatch stops in a year. Overall, 48% of intrusion cases identified involved targeted intrusions from adversaries with a nation-state nexus, while 19% were conducted by eCrime actors.

According to the report, the technology, professional services, and hospitality sectors were targeted most often by cyber adversaries. The actors used a variety of novel tactics, demonstrating particular creativity and perseverance in defense-evasion and credential-access TTPs such as the use of Windows Internal tool, Active Directory Explorer, for one-time credential dumping. Notable percentages of intrusion cases by vertical include:

  • Technology: 36%
  • Professional Services: 17%
  • Hospitality: 8%
  • Defense and Federal: 7%
  • Non-governmental Organizations: 7%

“Today’s adversaries are persistent in their mission to target and infiltrate all types of industries. Organizations can no longer rely on reactive approaches to stay protected. Instead, they need to start with an assumption that someone might have already breached the perimeter and proactively hunt for them 24/7/365 on systems. This is why CrowdStrike pioneered threat hunting as a service, enabling us to find the needle in the haystack in our customer networks and identify intrusions that would otherwise go unnoticed,” said Dmitri Alperovitch, CrowdStrike’s chief technology officer and co-founder.

Notable findings include:

  • Uptick in Chinese Targeting: OverWatch data identifies China as the most prolific nation-state threat actor during the first half of 2018. Data shows that Chinese adversaries have made targeted intrusion attempts against multiple sectors of the economy, including biotech, defense, mining, pharmaceutical, professional services, transportation, and more.
  • eCrime Actors are Increasing Interest in Cryptocurrency Mining: OverWatch identified multiple intrusions against victims in the legal and insurance industries where criminal perpetrators gained privileged access to internal networks. In these cases, adversaries pursued post-exploitation financial gain by deploying cryptocurrency miners and employed techniques that allowed them to perform extensive lateral movement, creating as large a foothold as they could to commandeer resources for mining.
  • Increased Targeting of the Biotechnology Industry: OverWatch observed continued targeted adversary interest in the biotechnology industry vertical, with industrial espionage likely being the motivation behind multiple attacks. The tactics observed usually occurred from adversaries looking to maintain an ongoing data collection effort against organizations in the sector.
  • Continued Blurred Lines: A key theme noted in the CrowdStrike 2017 Global Threat Report was the blurring of lines between the TTPs of highly skilled nation-state adversaries and their criminally motivated counterparts. That trend continued as CrowdStrike saw less skilled criminal actors adopt more advanced TTPs used by well-known nation-state actors.

“This report provides an additional layer of insight and analysis into the latest attacker trends and techniques,” said Jennifer Ayers, CrowdStrike vice president of OverWatch and Security Response. “It is a valuable resource to help organizations more strategically understand the threat landscape, learn new hunting methodologies and increase investigation efficiency against persistent cyber adversaries.”

One of the key metrics that CrowdStrike OverWatch tracks for all intrusions it identifies is “breakout time” – the time that it takes an intruder to begin moving laterally outside of the initial beachhead to other systems in the network. The current average breakout time is 1 hour and 58 minutes, which means that if defenders are able to detect, investigate and remediate the intrusion within 2 hours, they can stop the adversary before they can cause serious damage. We recommend that all organizations adopt the 1-10-60 rule:

  • Strive to detect a threat in 1 minute on average
  • Investigate the detection in 10 minutes
  • Remediate and contain the attack in 1 hour

The deep technical expertise of the OverWatch team and the technology capabilities of the Falcon platform ensure that customers are protected 24/7/365. CrowdStrike technology delivers and unifies next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, IT hygiene, vulnerability management, and threat intelligence — all delivered via a single lightweight agent.

