The battle between threat actors and those mounting cyber defenses designed to keep them out is a constant cat-and-mouse game. But new data from CrowdStrike, which releases an annual threat report on the state of cybersecurity, makes for bad reading for those trying to keep criminals out.

In the last year, for cyber intrusions where a breakout occurred, the amount of time taken to penetrate initial defences was just four and a half hours – around half the amount of time taken in 2019, when the average time was nine hours. Attackers have sped up their successful attacks and organisations aren’t keeping pace, the company concludes.

“There is a human being behind every attack, and cyber actors are getting bolder and more astute day-to-day,” said Adam Meyers, senior vice president of intelligence at CrowdStrike. “As such, it’s critical to employ comprehensive cloud-native technology for increased visibility and prevention capabilities including threat intelligence and expert threat hunting to stay one step ahead of modern-day attacks.”

Global movements imperil Europe

One of the main hubs of cybercrime has been in Latin America, where hackers have largely focused on penetrating the defences of targets in close geographical proximity to them. However, worrying developments have been tracked by CrowdStrike:

Latin American cybercriminals are now moving out beyond their borders, including incursions into Europe, where they’re launching successful attacks against victims.

The type of victims is also changing – with serious consequences for all of us. Cybercriminals have often professed to be targeting victims they believe are most deserving of their attention, and steering away from essential services such as healthcare providers. But the data compiled and analysed by CrowdStrike indicates that’s not the case.

Eighteen Big Game Hunting ransomware families infected 104 healthcare organisations in 2020, including pharmaceutical and biomedical companies. Worryingly, CrowdStrike believes this trend will continue long into 2021.

Supply chain attacks, ransomware, data extortion and nation-state threats are “more prolific than ever”, the company warns – with potentially lethal consequences. That’s particularly noticeable in the attacks launched against companies developing covid-19 vaccines – a vital part of the fightback against the disease that has wracked our planet and disrupted our way of life. 

Nation states are more involved than ever

CrowdStrike has tracked nation-state adversaries who have infiltrated networks to steal valuable data. It also reports an alarming trend of criminals improving their strategies to evade detection and camouflage themselves in networks, often successfully deceiving their targets.

The risks of the modern-day work environment in 2021 are perpetuating and enabling these sorts of attacks, CrowdStrike warns. “Today’s rapidly changing remote work environment highlights that identity protection is central to the defence of any enterprise’s infrastructure,” said Meyers.

“Organisations must take decisive action to control access and protect data in order to outmanoeuvre adversaries.”

But they shouldn’t just focus on the people at the very end of the supply chain: cybercriminals are targeting further and further up the chain of command in order to try to access systems without being detected. eCrime attacks made up 79% of all intrusions via hands-on-keyboard activity uncovered by CrowdStrike Falcon OverWatch, the organisation’s expert team of threat hunters.

But those intrusions are happening at places like software suppliers, meaning that a single intrusion can in fact grant access to a whole Aladdin’s cave of potential victims because of the widespread use of certain software tools or other devices and networking systems.

The solution, as always, is to be aware of the scale of the risk and to take mitigating action to prevent falling victim. It is, of course, easier said than done – but the stakes have never been higher.