Intruders rev up attacks, shift aim to manufacturing during pandemic

Hands-on-keyboard intrusions surpassed full-year 2019 numbers just in the first half of 2020, driven mainly by the continued acceleration of cybercrime but has also been impacted by the effects of the pandemic as firms rapidly adopted remote workforces.

This is according to the CrowdStrike Falcon OverWatch 2020 Threat Hunting Report, which found a massive uptick in intrusion activity and a sharp escalation in manufacturing sector targeting.

“Just like everything this year, the threat landscape has proven unpredictable and precarious as eCrime and state-sponsored actors have opportunistically taken aim at industries unable to escape the chaos of COVID-19, demonstrating clearly how cyber threat activity is intrinsically linked to global economic and geo-political forces,” said Jennifer Ayers, VP of OverWatch and Security Response at CrowdStrike.

Ayers said firms must implement a layered defence system that incorporates basic security hygiene, endpoint detection and response (EDR), expert threat hunting, strong passwords and employee education to properly defend their environments.

The mid-year report showed that, as in the past three years, sophisticated cybercrime activity continues to outpace state-sponsored activity, accounting for over 80% of interactive intrusions. 

The study also find taht This does not indicate a reduction in nation-state activity, but reflects the extraordinary success threat actors have seen with targeted intrusions using ransomware and Ransomware-as-a-Service (RaaS) models, which have contributed to a proliferation of activity from a wider array of cybercrime actors.

Also, there was a sharp escalation of activity in the manufacturing sector in the first half of 2020 in terms of both the quantity and sophistication of intrusions from both cybercriminals and nation states, making it the second most targeted vertical observed by OverWatch. 

Healthcare and food and beverage also saw increased targeting, suggesting that adversaries have adjusted their targets to the shifting economic conditions resulting from the pandemic, focusing on industries made vulnerable by complex operating environments that experienced sudden changes in demand.

Further, the telecommunications industry continues to be a popular target for the nation-states, specifically China. OverWatch observed six different China-based actors, whose motivations are likely associated with espionage and data theft objectives, conducting campaigns against telecommunications companies in the first half of the year.