Crowdstrike Highlights Rise of Adversaries in Recent Report; Announces Upgrades to Security Offerings
Adversaries abound, and they are striking with alarming frequency—with greater intensity and, at times, cunning complexity.
That is the cybersecurity landscape today, and as Crowdstrike puts it in its “2022 Falcon OverWatch Threat Hunting Report”: There is nowhere to hide.
This is particularly true for organisations in the Asia-Pacific and Japan (APJ) region, where adversaries seem to be extraordinarily active, causing a 60% year-on-year (YoY) spike in interactive intrusions, compared with a 50% YoY increase for the rest of the world. In all, 35% of cyber incidents observed by Crowdstrike in APJ were targeted—meaning the adversaries actively went after the organisation—while 33% were eCrime.
A Threatening Cyber Landscape
The statistics above are a few of the APJ-centric findings of the report, which Crowdstrike released as a prelude to fal.con 2022, its annual in-person conference for cybersecurity professionals looking to fortify their security posture. The report’s other relevant findings, presented by Crowdstrike in a virtual media brief for selected APJ media organisations, include the following, and they underscore the grim reality of a cyber landscape full of threats.
- Adversary motivations generally fall under three categories: Nation-state cyber espionage, electronic crime (eCrime) and hacktivism (sort of a hack-for-a-cause type of thing).
- A quartet of countries—China, Russia, North Korea and, perhaps surprisingly, Turkey—are adversaries to keep an eye on. Each has advanced cyber capabilities, along with possible intentions to do something adversarial.
- Ransomware-related data leaks, a ransomware strategy in which data is exfiltrated instead of just encrypted, totalled 2,686 in 2021—up 82% from the 1,474 such attacks in 2020.
- The industrial engineering, manufacturing and technology sectors were hardest hit by ransomware-related data leaks.
- Falcon OverWatch threat hunters observed record volumes of hands-on intrusion attempts—as much as a 50% YoY increase.
- Over 77,000 potential intrusions have been observed over the past year, which equates to 1 potential intrusion every 7 minutes.
- Breakout time, or the time it takes for an adversary to move laterally from the initially compromised host to another one, is shorter by 14 minutes (down to 1 hour, 24 minutes in 2021 from 1 hour, 38 minutes in 2020).
A Threatening Cyber Landscape Requires Improved Security
This threat-infested landscape only means one thing: Cybersecurity is more crucial now than ever before, so organisations will need to reinforce their security posture as much as they can. And, to that end, Crowdstrike announced at fal.con 2022 four innovations that can help in that regard:
- Falcon Insight XDR. An upgrade of Falcon Insight, Falcon Insight XDR enables customers to leverage native and hybrid XDR—Extended Detection and Response—as a fundamental platform capability, but without disrupting existing EDR (Endpoint Detection and Response) capabilities. It also integrates third-party telemetry from both Crowdstrike XDR Alliance partners, like Cisco and Fortinet, and third-party vendors, such as Microsoft and Palo Alto.
- CIEM (Crowdstrike Cloud Security). Crowdstrike Cloud Security is also getting an update via the expansion of its Cloud Infrastructure Entitlement Management (CIEM) capabilities. This enhanced CIEM enables proactive prevention of identity-based threats, which will, according to Gartner, be responsible for as much as 75% of security failures in the future.
- Falcon LogScale/Falcon LogScale Complete. Two new products, LogScale and LogScale Complete improve Crowdstrike’s log management capabilities, allowing customers to better understand and assess issues in their environment and glean actionable insights so they can optimise resource availability, uptime and security. LogScale is a standalone module for log management. LogScale Complete, on the other hand, is a fully managed log management service that combines LogScale with Crowdstrike’s expert team of service professionals.
- Falcon Discover for IoT. Enhancements to Falcon Discover extend its capabilities towards IoT and OT environments, enabling customers to have a real-time, continuous view of the attack surface and obtain concrete insights on system health and organisational performance.
Security Must Start Somewhere
Of these four announcements, however, the upgrades to Falcon Discover might be the most helpful for organisations in the region, according to Amol Kulkarni, Chief Product and Engineering Officer at Crowdstrike. This is mainly because the region lags behind others in security maturity.
“Falcon Discover is applicable for any maturity level or any organisation because the first step is always visibility first, whether it is for runtime security or active security, or the proactive security side,” explained Kulkarni. “With Falcon Discover and Falcon Discover for IoT, that comprehensive visibility into assets is super crucial in order to even find out what is in my organisation, what are the assets, are they all covered and so on.”
That is a good start but one that necessitates constant follow-ups because—again—the adversaries are aplenty. And they are striking with alarming frequency, with greater intensity and, at times, with cunning complexity.