Adversaries have moved beyond malware to conduct more sophisticated cyberattacks, according to CrowdStrike’s 2021 Threat Hunting Report released this week.

The report found 68 percent of all of the detections indexed by CrowdStrike over the past three months were not malware-based.

“Adversaries have moved beyond malware,” the report says. “Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint, using legitimate credentials and built-in tools (living off the land) — which are deliberate efforts to evade detection by traditional antivirus products.”

What’s more is that adversaries are accelerating targeted access to critical networks three times faster than in 2020, according to the report’s accompanying press release.

Specifically, the report found that adversaries “are capable of moving laterally within a victim environment in an average of 1 hour and 32 minutes.”

Cyber Central: Defenders Unite
 
Explore increasingly hot button cyber issues that are top-of-mind. Learn more.

“Over the past year, businesses faced an unprecedented onslaught of sophisticated attacks on a daily basis,” said Param Singh, vice president of Falcon OverWatch at CrowdStrike. “In order to thwart modern adversaries’ stealthy and unabashed tactics and techniques, it’s imperative that organizations incorporate both expert threat hunting and threat intelligence into their security stacks, layer machine-learning enabled endpoint detection and response (EDR) into their networks and have comprehensive visibility into endpoints to ultimately stop adversaries in their tracks.”

The release of the report comes as the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency both published key draft guidance documents this week, directing Federal civilian agencies to transition to zero trust security concepts over the next three years and guiding agencies to securely migrate to cloud services.

Zero trust security concepts weave security throughout the network – with users, endpoints, applications, and files on the network and in the cloud monitored and authenticated at every access point.

Although the CrowdStrike report did not explicitly recommend a transition to zero trust security concepts, it did recommend organizations protect identities and stop valid credentials from falling into the hands of adversaries.

“To mitigate against the impacts of adversaries’ use of valid accounts, defenders should employ the principle of least privilege and routinely monitor authentication logs, account creation, and changes in user privileges,” the report says.

Read More About
About
Grace Dille
Grace Dille
Grace Dille is MeriTalk's Assistant Managing Editor covering the intersection of government and technology.
Tags