
March 2022

Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365

As many organizations move to the cloud, CrowdStrike has noticed a significant increase in both opportunistic and targeted attacks against cloud resources, with a large number of these attacks targeting organizations’ Microsoft 365 (M365) infrastructure, often specifically around their business email service, or Exchange Online.

CrowdStrike Achieves 100% Prevention in Recent MITRE Engenuity ATT&CK Evaluation Emulating Russia-based Threat Groups

At CrowdStrike, we believe that rigorous, independent testing is a vital part of the security ecosystem. It provides customers with transparency and insight into the critical capabilities required to stop today’s sophisticated threats. That’s why I’m excited to share the results of Round 4 of the MITRE Engenuity ATT&CK Enterprise Evaluation: The CrowdStrike Falcon platform stops breaches with 100% prevention, comprehensive visibility and actionable alerts.

Introduction to Active Directory Security

Active Directory (AD) is legacy technology that was not designed for modern attacks – yet it is still relied on by over 90% of the Fortune 1000 companies. This video highlights how modern attacks like ransomware exploit this “weakest link in your cyber defense”, and why this is a problem you cannot afford to ignore.

Maintaining Security Consistency from Endpoint to Workload and Everywhere in Between

In today’s fast-paced world, mobility, connectivity and data access are essential. As organizations grow and add more workloads, containers, distributed endpoints and different security solutions to protect them, security can quickly become complex. Modern attacks and adversary tradecraft target vulnerable areas to achieve their objectives. Threats can originate at the endpoint to attack the cloud, or cloud-based threats can attack vulnerable endpoints.

Identity Protection Solution

80% of modern attacks are identity-driven, leveraging stolen credentials. Existing endpoint-only security solutions are simply not designed to protect against these attacks. Learn how CrowdStrike Identity Protection - fully integrated with the CrowdStrike Falcon Platform - helps ensure comprehensive protection against identity-based attacks in real-time.

CrowdStrike Named a Leader in The Forrester Wave: Cybersecurity Incident Response Services, Q1 2022

CrowdStrike has been recognized as a Leader in the Forrester Wave™ for Cybersecurity Incident Response Services. When it comes to incident response (IR), time is of the essence. The longer it takes to detect threat activity, investigate an incident and remediate systems across highly distributed environments, the deeper into the threat lifecycle the adversary gets.

CrowdStrike Named a Strong Performer in 2022 Forrester Wave for Cloud Workload Security

“In its current CWS offering, the vendor has great CSPM capabilities for Azure, including detecting overprivileged admins and enforcing storage least privilege and encryption, virtual machine, and network policy controls.” – The Forrester Wave™: Cloud Workload Security, Q1 2022

CrowdStrike is excited to announce we have been named a “Strong Performer” in The Forrester Wave™: Cloud Workload Security, Q1 2022.

Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack

In an effort to stay ahead of improvements in automated detections and preventions, adversary groups continually look to new tactics, techniques and procedures (TTPs), and new tooling to progress their mission objectives. One group — known as BlackCat/ALPHV — has taken the sophisticated approach of developing their tooling from the ground up, using newer, more secure languages like Rust and highly customized configuration options per victim.

Cloud Security Reimagined | Think it. Build it. Secure it.

Experience the power of the world’s most advanced cloud security platform. Gain full visibility and control across all clouds and applications. Build securely, accelerate application delivery and time to market. Automate security across the entire application lifecycle and improve security without compromising performance.

Cloud Security Reimagined | Stop Breaches

With the growth in cloud and the need for speed and agility in today’s digital business, it’s vital to have a cloud security solution that goes beyond simply detecting threats and leaving you to do all the work. At CrowdStrike, we take an adversary approach and we stop breaches, while eliminating shadow IT, reducing complexity and actually securing the cloud infrastructure, apps and data across any cloud.

Cloud Security Reimagined | Shift Left

The power and scale of modern app development add new risks and expand the attack surface, leaving little room for traditional security intervention. It’s important to shift left, arming developers with the tools they need to build securely in the cloud. This shift weaves security into the existing CI/CD processes, allowing developers to integrate security directly into the tools they use, resulting in more secure apps and fewer headaches.

Cloud Security Reimagined | See more. Know more. Do more.

Most cloud breaches today result from human error involving misconfigurations and lack of visibility into multi-cloud environments. We stop breaches. At CrowdStrike, we integrate the MITRE framework, compliance standards and threat intelligence to deliver context, visibility and advanced security consistency across endpoints and workloads. Stop breaches. Gain full visibility and control across all clouds and applications with CrowdStrike Falcon Horizon CSPM. See more. Know more. Do more.

Your Current Endpoint Security May Be Leaving You with Blind Spots

Threat actors are continuously honing their skills to find new ways to penetrate networks, disrupt business-critical systems and steal confidential data. In the early days of the internet, adversaries used file-based malware to carry out attacks, and it was relatively easy to stop them with signature-based defenses. Modern threat actors have a much wider variety of tactics, techniques and procedures (TTPs) at their disposal.

CrowdStrike and Cloudflare Expand Zero Trust from Devices and Identities to Applications

Threat actors continue to exploit users, devices and applications, especially as more of them exist outside of the traditional corporate perimeter. With employees consistently working remotely, adversaries are taking advantage of distributed workforces and the poor visibility and control that legacy security tools provide.

cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)

CrowdStrike’s Cloud Threat Research team discovered a zero-day vulnerability (CVE-2022-0811) in CRI-O (a container runtime engine underpinning Kubernetes). When invoked, the vulnerability, dubbed “cr8escape,” could let an attacker escape from a Kubernetes container, gain root access to the host and move anywhere in the cluster.

Falcon OverWatch Threat Hunting Uncovers Ongoing NIGHT SPIDER Zloader Campaign

Over recent months, the CrowdStrike Falcon OverWatch™ team has tracked an ongoing, widespread intrusion campaign leveraging bundled .msi installers to trick victims into downloading malicious payloads alongside legitimate software. These payloads and scripts were used to perform reconnaissance and ultimately download and execute NIGHT SPIDER’s Zloader trojan, as detailed in CrowdStrike Falcon X™ Premium reporting.

Empower Your SOC with New Applications in the CrowdStrike Store

With chaos seemingly surrounding us in security, it can be hard to cut through the noise. How do you detect and prioritize evolving threats and what tools should you use to address them? With new attacks and vulnerabilities on the rise, combined with ineffective security tools and the industry’s ongoing skill shortage, security operations center (SOC) teams struggle to protect organizations from adversaries.

Buying IAM and Identity Security from the Same Vendor? Think Again.

With the growing risk of identity-driven breaches, as seen in recent ransomware and supply chain attacks, businesses are starting to appreciate the need for identity security. As they assess how best to strengthen identity protection, there is often an urge to settle for security features or modules included in enterprise bundles from the same vendor providing their identity or identity and access management (IAM) layer.

CrowdStrike and Cloud Security Alliance Collaborate to Enable Pervasive Zero Trust

The security problems that plague organizations today actually haven’t changed much in 30 years. Weak and shared passwords, misconfigurations and vulnerabilities are problems that have tormented the industry for years and persist to this day. What’s changed is the speed and sophistication at which today’s adversary can weaponize these weaknesses.

Five Steps to Kick-start Your Move to XDR

Alert overload is practically a given for security teams today. Analysts are inundated with new detections and events to triage, all spread across a growing set of disparate, disconnected security tools. In fact, they’ve burgeoned to such an extent that the average enterprise now has 45 cybersecurity-related tools deployed across its environment.

The Easy Solution for Stopping Modern Attacks

Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not use traditional malware and 80% of attacks use identity-based techniques, meaning that attacks target not only endpoints, but also cloud and identity layers with techniques that many legacy solutions have no visibility of or means of stopping.

PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell

At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools.

CrowdStrike Falcon Enhances Fileless Attack Detection with Intel Accelerated Memory Scanning Feature

CrowdStrike is introducing memory scanning into the CrowdStrike Falcon sensor for Windows to increase visibility and detect in-memory threats, adding another layer of protection against fileless threats. In recent years, threat actors have increased their dependence on fileless or malware-free attacks.

Reinventing Managed Detection and Response (MDR) with Identity Threat Protection

The modern threat landscape continues to evolve with an increase in attacks leveraging compromised credentials. An attacker with compromised credentials too frequently has free rein to move about an organization and carefully plan their attack before they strike. This week Falcon Complete™, CrowdStrike’s leading managed detection and response (MDR) service, announced a new managed service capability that once again sets the standard for MDR.

How a Strong Identity Protection Strategy Can Accelerate Your Cyber Insurance Initiatives

The growth in frequency and severity of cyberattacks has caused organizations to rethink their security strategies. Major recent security threats, such as high-profile ransomware attacks and the Log4Shell vulnerabilities disclosed in 2021, have led to a greater focus on identity protection as adversaries rely on valid credentials to move laterally across target networks.

Featured Post

Threat intelligence is your first line of ransomware defense

Ransomware criminals are masters of their trade. They deploy a wide variety of techniques to infiltrate targeted systems and exfiltrate valuable data. Threat actors are located all over the world, and it can often seem impossible to keep track of emerging threats.

Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities

On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations affected by the attack, among other families including a sophisticated wiper CrowdStrike Intelligence tracks as DriveSlayer (HermeticWiper).