

Enterprises monitored by CrowdStrike’s Falcon OverWatch threat hunters faced 77,000 attempts at hands-on, interactive intrusions, or approximately one potential intrusion every seven minutes, between July 1, 2021, and June 30, 2022, a 50% year-over-year increase, according to a new report from the cybersecurity company.

Breakout time, the time an adversary takes to move laterally from an initially compromised host to another host within the victim’s environment, fell to one hour and 24 minutes from one hour and 38 minutes in the year-earlier period, which CrowdStrike reads as adversaries continuing to sharpen their tradecraft.

The CrowdStrike research defines interactive intrusion activity as malicious activity that involves hands-on-keyboard techniques, where an adversary is actively interacting with a host and executing actions on it in pursuit of their objectives. E-crime is CrowdStrike’s designation for criminally motivated intrusion activity.

“This type of activity is most commonly characterized as intrusions where adversaries are pursuing financially driven objectives, ransomware, of course, being the most prolific example,” said Nick Lowe, director for Falcon OverWatch at CrowdStrike.

The number of interactive intrusions has risen alongside an increase in the number of zero-day vulnerabilities and Common Vulnerabilities and Exposures (CVEs). 1, 2022, there were 13,000 new vulnerabilities disclosed for the year, compared with 20,000 publicly disclosed vulnerabilities in all of 2021, OverWatch noted.

OverWatch focuses its hunting operations on post-exploitation behaviors rather than on specific CVEs, Lowe said.

“This approach is critical when one considers those volumes of disclosed vulnerabilities along with some of the observed trends that we see, including exploit chaining, where adversaries are combining multiple discrete series to reach their objectives,” he said.

Adversaries are quick to develop working proofs of concept for newly disclosed vulnerabilities. Zero-day vulnerabilities continue to be a big problem for defenders, particularly those focused on individual CVEs, which makes proactive threat hunting necessary to identify and disrupt as-yet-unknown malicious activity, Lowe said.

Hackers continuously refine tools, techniques

Malicious actors are continually looking for new tools, according to the CrowdStrike research. Cobalt Strike, for example, is an extremely powerful and robust penetration-testing tool that has been adopted by e-crime actors, who use both legitimate licenses and pirated copies of the software.
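The breakout-time metric the report describes (time from the first hands-on activity on the initially compromised host to the first activity on a second host) can be computed directly from endpoint telemetry. The Python below is an added example and is not CrowdStrike’s or the report’s code; the event records are constructed for illustration, and the “response budget” threshold is a hypothetical parameter a defender would set from their own containment SLA.

```python
from datetime import datetime

# Constructed sample telemetry (not taken from the report): one row per
# hands-on-keyboard action, tagged with the intrusion it belongs to, the host
# it ran on, an ISO-8601 UTC timestamp, and a short description.
SAMPLE_EVENTS = [
    ("INT-1", "ws-017", "2022-03-04T09:02:00Z", "interactive shell spawned"),
    ("INT-1", "ws-017", "2022-03-04T09:15:00Z", "credential dumping"),
    ("INT-1", "fs-02",  "2022-03-04T10:26:00Z", "remote service created"),
    ("INT-1", "dc-01",  "2022-03-04T11:40:00Z", "directory replication request"),
    ("INT-2", "ws-104", "2022-03-05T14:00:00Z", "interactive shell spawned"),
    ("INT-2", "ws-104", "2022-03-05T14:20:00Z", "discovery commands"),
    ("INT-3", "ws-222", "2022-03-06T01:00:00Z", "interactive shell spawned"),
    ("INT-3", "srv-09", "2022-03-06T01:07:00Z", "WMI remote execution"),
]


def parse_ts(value):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps used in the sample rows."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def breakout_times(events):
    """Return {intrusion_id: breakout time in minutes}.

    Breakout time is measured from the earliest event on the first
    compromised host to the earliest event on any *different* host in the
    same intrusion. Intrusions that never touched a second host map to None
    (no lateral movement observed yet), rather than to 0 or infinity.
    """
    by_case = {}
    for case, host, ts, _desc in events:
        by_case.setdefault(case, []).append((parse_ts(ts), host))

    result = {}
    for case, rows in by_case.items():
        rows.sort()  # chronological; ties broken by host name
        first_ts, first_host = rows[0]
        lateral_ts = next((ts for ts, host in rows if host != first_host), None)
        if lateral_ts is None:
            result[case] = None
        else:
            result[case] = (lateral_ts - first_ts).total_seconds() / 60
    return result


def faster_than_budget(times, budget_minutes):
    """Intrusion ids whose breakout beat the hypothetical response budget.

    These are the cases where the adversary reached a second host before a
    responder working to that budget could have contained the first one.
    """
    return sorted(
        case for case, minutes in times.items()
        if minutes is not None and minutes < budget_minutes
    )


if __name__ == "__main__":
    times = breakout_times(SAMPLE_EVENTS)
    for case, minutes in sorted(times.items()):
        print(case, "no lateral movement" if minutes is None else f"{minutes:.0f} min")
    # Hypothetical 60-minute containment budget.
    print("beat a 60-minute budget:", faster_than_budget(times, 60))
```

In the constructed data, INT-1 breaks out in 84 minutes (the report’s one hour and 24 minutes), INT-3 in 7 minutes, and INT-2 has not yet moved laterally. Treating the no-lateral-movement case as `None` matters in practice: averaging such intrusions as zero would make the fleet look faster than it is, and dropping them silently hides the intrusions that were caught before breakout.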
