A new report reveals threat actors are using the same ransomware as in previous years – but relying on new malware-free intrusion methods and ransomware-as-a-service offerings to evade popular mitigation techniques.
Cyber criminals are increasingly leaning on ransomware-as-a-service (RaaS) and malware-free intrusion methods while evading popular detection and mitigation techniques employed across the public and private sectors, according to a new report.
CrowdStrike published the 2022 OverWatch Threat Hunting Insights report on Tuesday. The report details a 50% increase in interactive intrusion campaigns mainly targeting the technology, telecommunications, manufacturing and healthcare industries, as well as the federal government. The team identified at least 36 threat actors conducting interactive intrusion activity across Russia, North Korea, Iran, China and Turkey, including eCrime and targeted intrusions, from July 2021 to June 2022.
The CrowdStrike assessment noted how ransom-seeking cyber criminals were largely responsible for the rise of intrusion activity targeting the healthcare industry, following a significant uptick of intrusion attacks targeting the sector throughout the COVID-19 pandemic, as FCW previously reported. The report also observed a "significant abuse of valid and compromised credentials" and a sudden shift in phishing tactics following Microsoft's announcement about disabling the popular malware delivery method, Visual Basic for Applications (VBA) macros.
Param Singh, vice president of Falcon OverWatch at CrowdStrike, said in a press release accompanying the report that the threat landscape is "as complicated as ever" amid new global economic challenges and geopolitical tensions.
"To thwart brazen threat actors, security teams must implement solutions that proactively search for hidden and advanced attacks every hour of every day," Singh added.
Organizations are facing "unprecedented" risks as threat actors increasingly sharpen their skills faster than mitigation techniques can be developed and deployed, according to the report, which recommended teams take a proactive approach to threat hunting and identifying vulnerabilities. While threat actors are continuing to use the same ransomware, they are now employing RaaS models and new tools in their tradecraft to exploit vulnerabilities and break into new hosts in victim environments at faster rates than ever before.
Targeted intrusions impacting the telecommunications industry sharply outweighed all other observed sectors, while thefts largely targeted the technology and manufacturing fields. Government ranked third in the top five industries that faced observed targeted intrusions.