Report: Cyber Criminals Target More Firms in Search of Bigger Paydays

Tech, telecom and professional services companies are the most popular targets for nefarious online actors, according to researchers at CrowdStrike.

Cyber criminals are significantly expanding and diversifying their attacks on major players in the technology, telecommunications and professional services sectors, and state-sponsored hackers remain a persistent threat to those industries as well, according to cyber experts.

In a report published Tuesday, researchers at the cybersecurity company CrowdStrike said some 61% of the malicious campaigns they uncovered during the first half of 2019 were conducted by cyber criminals, while the other 39% were launched by state-sponsored actors. That represents a sharp spike from last year, when online criminals were responsible for only about one-quarter of targeted intrusion campaigns, they said.

Researchers said the latest figures shouldn’t be interpreted as a decrease in state-sponsored hacking operations, but rather an expansion of digital crime as “adversaries escalate their activities in pursuit of more and larger payouts.” 

Roughly 30% of the campaigns researchers uncovered were directed against technology companies, and about a quarter of attacks targeted either telecommunications or professional services firms. Hackers also frequently set their sights on finance, nongovernmental organizations and academic groups.

“We’ve seen both eCrime and nation-state actors maintain a strong foothold in networks through the use of stealthy tactics,” Jennifer Ayers, CrowdStrike’s vice president of OverWatch and security response, said in a statement. “It’s obvious that attackers are continuing to ramp up in both their brazen behavior and sophisticated means. In the continually changing IT environment … it’s critical for organizations to adopt modernized threat prevention to defend against more sophisticated threats that go beyond malware with fileless attacks, zero-days and other advanced techniques."

In the report, researchers detailed a handful of specific intrusions they uncovered, including suspected state-sponsored intrusions into health care and aviation firms, as well as a company in the defense industrial base. They said the attack on the unnamed defense contractor appeared to be “an entrenched actor” exploiting “a preexisting compromise.” 

The Pentagon recently announced it would soon start requiring vendors to prove their digital security chops before they could do business with the department. Last year, Navy auditors revealed hackers from China and other foreign adversaries had spent more than a year stealing troves of military secrets from defense contractors.

According to the CrowdStrike report, China remains the most prominent sponsor of nation-state hacking operations.