Season’s greetings from a cyber analyst: we see more than trillion suspect activities daily

Updated on: 15 November 2023

Damien Black
Senior Journalist

Image by Shutterstock

Cybersecurity analyst Crowdstrike says it is witnessing more than “a trillion events” linked to threat activity every day.

The sobering declaration was made by the company’s Strategic Threat Advisor Christian Heggen while giving an online presentation on December 1, held to alert industries and individuals alike to possible threats over the festive season.

“CrowdStrike is witnessing over a trillion events a day occurring at the endpoint level,” said Heggen, addressing the e-conference. “In terms of how we attribute these adversaries, this information is initially fed up to our cloud-based threat graph, whereby various techniques, including machine learning, are used essentially to identify discernible activity clusters - whether that's an identifiable malware campaign, targeting of a particular sector [or] geography, and so on.”

The diverse threat actors named by Heggen included criminal outfits motivated by financial gain, as well as state-sponsored groups and hacktivist collectives that pursued more ideological objectives through their hacking.

A menagerie of bad actors

State-backed groups named in Heggen’s presentation made for a colorful assortment of cyber beasts, including Cozy Bear affiliated with Russia, Octane Panda backed by China, and Hazy Tiger believed to be connected to India.

Away from ransomware groups, popular types of cyber fraud or social engineering highlighted by Heggen included the Grandparent Scam, where threat actors target the elderly by pretending to be relatives in trouble with the law and in need of “bail money,” and the Fraudulent Lottery Scheme that cons victims into paying “taxes” upfront on a bogus prize.

Heggen also warned businesses to be on the lookout for targeted phishing campaigns aimed at specific company employees, known as business email compromise (BEC) scams, which can then be used to facilitate follow-up ransomware attacks once workers have been duped into giving up sensitive access data.

Know the adversary, not just the malware

Heggen also stressed that such schemes do not require a great deal of technical know-how, meaning the public should be extra wary heading into the Christmas season as the number of phishing attempts is likely to multiply.

“Not all fraudulent schemes that we are seeing are overtly technical in nature,” he said. “Some cyber criminals are reverting to less technical means to circumvent cyber defenses as well. Often we see a number of the lower level crime adversaries using the path of least resistance and opting to conduct some of these more traditional fraudulent activities.”

Heggen urged existing and potential clients to learn to know their enemy better. “You don't have a malware problem, you have an adversary problem,” he said. “The ability to defeat advanced cyber threats rests almost entirely on your understanding of the problem. Use cyber threat intelligence to understand the contemporary threat as it pertains to you and your organization and your geography as well. Only once you understand this information can you then configure your defensive posture accordingly.”

Season’s greetings from a cyber analyst: we see more than trillion suspect activities daily

A menagerie of bad actors

Know the adversary, not just the malware

More from Cybernews: