Cyber adversaries kept pace in 2021 and moved beyond malware - CrowdStrike
Ransomware-related data leaks increased by 82%. The threat landscape has become even more crowded as new adversaries emerged.
Adversary tradecraft has grown more sophisticated, CrowdStrike claimed in its new Global Threat Report. Its intelligence team observed an 82% increase in ransomware-related data leaks in 2021, with 2,686 attacks as of December 31, 2021, compared to 1,474 in 2020.
CrowdStrike Intelligence saw on average over 50 targeted ransomware events per week, and ransomware-related demands averaged $6.1 million per ransom.
"The annual Global Threat Report paints a picture that shows enterprise risk is coalescing around three critical areas: endpoints, cloud workloads, identity and data, and provides a valuable resource for organizations looking to bolster their security strategy," Adam Meyers, senior vice president of intelligence at CrowdStrike, is quoted as saying in a press release.
Attackers continue to shift to malware-free techniques, deliberately trying to avoid detection by legacy antivirus programs. They increasingly rely on stolen user credentials to bypass legacy security solutions. In Q4 2021, 62% of detections were malware-free.
CrowdStrike now tracks more than 170 adversaries. The report debuted two new adversaries, WOLF (Turkey) and OCELOT (Colombia), and added 21 new tracked adversaries worldwide.
"The presence of these new adversaries underscores the increase in offensive capabilities outside of governments traditionally associated with cyber operations and highlights the variety of actor end goals," the threat report reads.
As for the governments traditionally associated with cyber operations, Russian, Chinese, Iranian, and North Korean adversaries were all observed employing new tradecraft or target scopes meant to respond to global trends.
"This included: Russia's targeting of IT and cloud service providers to exploit trusted relationships; China's weaponization of vulnerabilities at scale to facilitate initial access efforts; Iran's use of ransomware to blend disruptive operations with authentic eCrime activity; and the Democratic People's Republic of Korea's (DPRK) shift to cryptocurrency-related entities in an effort to maintain illicit revenue generation during economic disruptions caused by the pandemic," the report reads.