CrowdStrike Global Threat Report 2022 – The Findings
The highly anticipated CrowdStrike 2022 Global Threat Report (GTR) is based on first-hand observations combined with insights from CrowdStrike’s vast telemetry. Entering its eighth year, the annual GTR delivers crucial insights into what security teams need to know about the perilous and ever-evolving threat landscape. This year, the report hones in on themes that have emerged during 2021, as well as recommendations on how to mitigate the associated risks. As always, CrowdStrike’s GTR forms a fundamental tool to help you protect the people, processes and technologies that drive your business.
THE MOST NOTABLE ATTACK TRENDS OF 2021
Not surprisingly, 2021 was another disruptive year in which pandemic-driven social, economic, and technological changes enabled cybercriminals to further refine their skills. As organisations battled to protect their supply chains and systems, we saw a wave of high-profile attacks. To stay ahead during 2022, it pays to be able to understand these events and gain visibility into the changing tactics of our adversaries. To consolidate its findings, CrowdStrike’s report can be unpacked into four main themes:
1. The Speed, Impact, and Advancement of Ransomware
The growth of Big Game Hunting (BGH) was felt across all sectors and all economies during 2021. CrowdStrike intelligence observed an 82% increase in ransomware-related data leaks compared to the previous year. CrowdStrike Intelligence also saw over 50 targeted ransomware events per week on average, with ransomware-related demands averaging $6.1M per ransom, up 36% from 2020. Adversaries demonstrated the ability to continually move operations to new approaches, with adaptability being the key to success.
2. The Evolution of Nation-State Affiliated Adversaries
Financially motivated eCrime activity continued to dominate the interactive intrusion attempts tracked by CrowdStrike OverWatch during 2021. Intrusions attributed to eCrime accounted for 49% of all observed activity. The use of high-profile lock-and-leak operations gave Iran an effective ability to target its rivals both locally and abroad with disruptive ransomware. Meanwhile, Chinese actors shifted their preferred exploitation methods from requiring user interaction to independently developing exploits or acquiring them from the in-country hacker community.
3. The Log4j Vulnerability
Log4Shell received more attention than any other vulnerability in 2021 due to the number of potentially affected endpoints. You could say it set the internet on fire. To quickly breakdown the gravity of this vulnerability - the universal logging library is used by many web applications and can be exploited by remote attackers to inject code. Specially crafted requests can result in access to systems, delivery of malware and data acquisition. To put it in non-technical terms, it would be the same as giving the keys to your house (without even realising) to a complete stranger you just saw pass in front of you.
At the end of 2021, a variety of groups incorporated Log4 Shell into their arsenal and aggressively engaged in widespread exploitation.
4. The Rising Abuse of Cloud-Based Services
As cloud-based services formed a crucial part of many business processes, they became an increasingly common target for malicious actors. Common cloud attack vectors include: Cloud Vulnerability Exploitation (CVE), credential-based intrusions, cloud service provider abuse, cloud-based malware delivery and exploitation of misconfigured image containers.
PRACTICAL RECOMMENDATIONS FOR YOUR BUSINESS
CrowdStrike’s GTR includes recommendations to assist you in addressing possible vulnerabilities within your business before they can be leveraged by cybercriminals. There are nine key recommendations within the report. However, we’ve pulled out the following suggestions, which we believe are paramount to helping strengthen your security posture:
- Secure all critical areas of enterprise risk - it's vital to secure critical areas such as endpoints and cloud workloads, identity, and data. Solutions should include accurate detections, automated protection and remediation, elite threat hunting and prioritised observability of vulnerabilities. Be sure you know what you protecting.
- Invest in solutions that prioritise speed and agility - data breaches can wreak havoc in a matter of hours, which makes speed truly of the essence when it comes to protecting your business. Speed and agility are fundamental, along with the visibility and automation of preventative, detention, investigative and response workflows. CrowdStrike Falcon Identity Threat Protection enables hyper-accurate threat detection and real-time prevention of identity-based attacks, combining the power of AI behavioural analytics and a flexible policy engine to enforce risk-based conditional access.
- Utilise expert threat hunting - the combination of technology with expert threat hunters is fundamental to stop sophisticated threats that bypass legacy security solutions. At CrowdStrike managed services such as Falcon Complete and Falcon OverWatch can help you to improve your skills and gain invaluable expertise, resources, and coverage. They are best positioned to help you as they track the adversaries that are targeting you.
- Build a culture of security - regardless of the security technologies you implement, the end-user will always be a crucial link in the chain and your last line of defence against data breaches. By building a cybersecurity culture, you can encourage continual user awareness, identify gaps, and reduce weaknesses in your cybersecurity practises and response.
- An extra recommendation that I would suggest is to Eliminate any misconfigurations – The most common cause of cloud intrusions is due to human error introduced during common administrative tasks. It is important that your infrastructure is set up in a structured way and is audited in the same manner to alleviate any further lapses in security configuration.
IMPROVING YOUR CYBERSECURITY IN 2022 AND BEYOND
2021 has taught us that adaptability and perseverance are fundamental. However, as our businesses find paths forward with new technologies and solutions, we need to be aware of the new risks and vulnerabilities that we create. As we move further into 2022, our adversaries will not only look for new ways in which they can bypass our security measures but continue to use tried-and-tested techniques.
In response to both existing and evolving threats, CrowdStrike intelligence provides industry-leading insights, analysis, and threat intelligence. To find out more, download the 2022 Global Threat Report. Or, for more information on the CrowdStrike Falcon platform, get in touch with the InfoTrust team today. We are experts in the CrowdStrike Platform and can help you at every step of your endpoint security journey with CrowdStrike's industry-leading solution.
see our
Related resources
Mimecast recently released its State of Email Security Report for 2021. The fifth edition of its annual report used interviews with over twelve hundred of information technology and cybersecurity professionals across the globe to gather vital cybersecurity insights. The report offers an insight into the latest email threats along with advice on how to build cyber resilience and mitigate the risks of email-borne attacks.
Cyber attacks and data breaches have been commonplace in the news headlines for some time now. Although a warning from the media is certainly helpful, there is so much more that can be done when it comes to threat intelligence sharing. Threat intelligence sharing is an important part of the global cybersecurity community effort to tackle cybercrime and should form a part of every organisation’s cybersecurity strategy. Sharing cyber threat intelligence enables organisations to make informed decisions about their cybersecurity, building more effective and robust cyber defences.
One of my favourite annual reports to read is the Verizon Data Breach Investigations Report. It’s packed full of insights about the threat landscape and security leaders, in my opinion, should read this report to get a pulse on what’s happening in cyber-scape.
After all, as cyber leaders, we are here to stop breaches – so the insights gained from real cyber incidents and breaches is gold in learning how to tighten up our defences.
All businesses, large and small, are under increasing pressure to demonstrate that they are managing the risk of cyberattacks. This means having the right processes and controls in place to identify risks and vulnerabilities, protect information, as well as detect, respond, and recover in the event of cybersecurity incidents. As such, many businesses are turning to certification authorities and security frameworks to demonstrate privacy and security best practice and achieve compliance with regulatory bodies. System and Organisation Controls (SOC 2) is one such compliance framework that can help organisations to create a structured approach to cybersecurity.
Frost & Sullivan has recently released its 2021 Frost Radar: Email Security report, where its findings provide a benchmarking framework to help businesses protect their email from cyber threats.
As we operate in an increasingly digital world, every business collect, store, and share more and more data. And, amongst that data is personal information. With the OAIC marking this year’s Privacy Awareness Week (PAW) from Monday 3 May to Sunday 9 May 2021, it’s time for us all to review how we protect our customers’ personal information.
We're Here To Help