SAN FRANCISCO — The Russians are coming for your corporate network. And so are the Chinese, and other nation states, and organized criminals.
But once Russian state-sponsored groups such as Fancy Bear and Cozy Bear compromise just one machine, they can move laterally to other systems on the network in a little under 19 minutes. This is according to CrowdStrike’s “2019 Global Threat Report.”
While the Russian groups moved the fastest, CrowdStrike’s report found other nation-state attackers are close behind. North Korean state-sponsored groups had the second-fastest average breakout time of 2 hours and 20 minutes. Chinese nation-state actors averaged 4 hours, and Iranian groups took about 5 hours. Organized criminals were the slowest, with an average time of almost 10 hours. But the report notes that some are much quicker and can rival nation states.
CrowdStrike’s 2020 report isn’t out yet, but Thomas Etheridge, VP of services at CrowdStrike, said it found the overall average breakout time increased from 4 hours in 2019 to 9 hours this year, “driven primarily by the amount of e-crime activity.” But, he added, the average nation-state time remained “very, very consistent. They are still at the top of their game and can move laterally within a couple hours … nearly every nation now has a capability or an aspiration [to attack corporate networks].”
Etheridge made the statements as part of the “Tales From the Front Lines” panel at the RSA Conference.
Big Game Hunting
Etheridge said “big game hunting” is another trend CrowdStrike expects to see more of in 2020. This uses targeted, intrusion-style tactics to deploy ransomware across large organizations. Coupled with attackers’ increasingly sophisticated tools and the speed at which they can develop new malware variants, this “makes it harder and harder to defend against,” he explained. “We see a lot of activity across all different verticals: IT, government, education, finance, retail, and health care.”
Additionally, CrowdStrike has seen an increase in threat actors targeting cloud infrastructure. “We see that trend continuing [with attackers] looking to try to gain a foothold within organizations who are moving infrastructure critical assets to the cloud,” Etheridge said. “And then the last thing is around expanding the opportunity for some of these threat actor groups to impact more organizations faster.” They do this through third-party networks, along the lines of China’s APT 10. This group infiltrated managed service provider networks and stole companies’ intellectual property and sensitive data.
“So rather than targeting a single organization or company, a lot of times they’ll be targeting third-party service provider or managed service provider or vendors that gives them access in many cases to a whole host of organizations that the third-party supports, really widening the attack surface and their ability to do more damage quickly,” Etheridge said.
This echoes recent reports and guidance from the U.S. National Security Agency (NSA) warning that supply chain attacks are on the rise.
RSA panel members said companies usually trust their internal security tools, but reminded them that it’s equally important to ensure third-party service providers and vendors’ networks are also protected and secure. “Just because you are outsourcing the security doesn’t mean you are outsourcing the risk,” said Stuart McKenzie, SVP at Mandiant. “You’ve still got the same risk.”
February 27, 2020 at 12:36AM
The Russians Are Coming for Your Network - SDxCentral