As CrowdStrike’s Advanced Memory Scanning capability has matured, so have its applications. CrowdStrike detection engineers and researchers work tirelessly to ensure the CrowdStrike Falcon® platform’s detection content stays ahead of adversaries. The following case study describes how CrowdStrike leverages memory scanning in combination with new IOAs to provide world-class protection to our customers.

Adversaries are continuing to expand their attacks by adding tactics like domain abuse, multifactor authentication (MFA) fatigue and unique crafted exploit kits acquired from underground forums. Typosquatted domains pose a risk for any organization as they are used at the start of the attack chain, with the goal of misdirecting users to a look-alike site to steal their identities.

We couldn’t be prouder that CrowdStrike achieved the highest coverage across the last two consecutive MITRE Engenuity ATT&CK® Evaluations. We achieved 100% protection, 100% visibility and 100% analytic detection coverage in the Enterprise Round 5 evaluation — which equates to 100% prevention and stopping the breach. We also achieved the highest detection coverage in the Managed Security Services Providers testing.

CrowdStrike is raising the bar for proactive detection and response with the introduction of CrowdStrike Falcon® Counter Adversary Operations Elite, the industry’s first and only white-glove service created to rapidly disrupt sophisticated adversaries with the fusion of industry-leading intelligence and threat hunting.*

CrowdStrike’s AI-powered Falcon platform has achieved flawless 100% protection, 100% visibility and 100% analytic detection coverage in Round 5 of the MITRE Engenuity ATT&CK® Evaluations: Enterprise. The Falcon platform stopped 13 of 13 protection scenarios spanning every stage of an attack, without relying on prior knowledge or legacy signatures. We believe these results demonstrate the superior security outcomes and power of a unified platform that is purpose-built to stop breaches.

The endpoint is both the hub of modern productivity and the epicenter of organizational risk. As the endpoint emerged as the technology interface between humans and the digital world, it also became the attack surface of the modern adversary. Nearly 90% of successful cyberattacks start at the endpoint, as adversaries look to gain a foothold to launch identity-based attacks, pivot to cloud infrastructure, exploit vulnerabilities and more.

I’m excited to share that today at Fal.Con, CrowdStrike announced it has agreed to acquire Bionic, a pioneer of application security posture management (ASPM). This will give our customers the most seamless and comprehensive view of cloud risk — from code development through runtime — in a single, unified platform.

Cybersecurity is about speed. The faster you can detect an attack, the faster you can respond and stop adversaries in their tracks — and they are steadily growing quicker and more sophisticated, with an average breakout time of only 79 minutes. Companies with the ability to perform under pressure are in the best position to defend against modern threats. But speed is a common problem for many organizations.

At CrowdStrike, our mission is to stop breaches. We’re constantly researching and developing new technologies to stay ahead of sophisticated threats and stop adversaries from advancing their attacks. With collaborators like Intel, we’re at the forefront of integrating hardware, software and services to address the current and future challenges of the security professional.

If you still rely on legacy antivirus software to stop modern cyberattacks, this post is for you. Today’s adversaries are relentless. While many threat actors have adopted newer techniques such as data extortion, identity-based threats and in-memory attacks to achieve their goals, some continue to rely on tried-and-proven threats — and legacy software is no match for either.

CrowdStrike is expanding access to its market-leading managed detection and response (MDR) service, CrowdStrike Falcon® Complete. With the announcement of Falcon Complete for Service Providers, CrowdStrike partners can now license and build upon Falcon Complete to provide 24/7 expertise to customers, empowering them to augment their cybersecurity teams and stop breaches.

CrowdStrike Counter Adversary Operations monitors for and attempts to disrupt eCrime threat actors across a broad spectrum of malicious activity, ranging from sophisticated ransomware campaigns to simpler but often highly effective forms of fraud.

Two new local privilege escalation vulnerabilities were recently discovered in Ubuntu: CVE-2023-2640 (CVSS 7.8) and CVE-2023-32629 (CVSS 7.8). The vulnerabilities, dubbed GameOver(lay), affect the OverlayFS module in multiple Ubuntu kernels. Ubuntu’s official security bulletin here and here outlines the impacted versions by both CVEs. It’s important to note that CrowdStrike Falcon® Cloud Security protects against both vulnerabilities.

The fastest adversary can “break out” — or move laterally — in only seven minutes after compromising an endpoint. Yes, you heard that right. Seven minutes. In the relentless race against adversaries, every second counts. To avoid breaches, you need to detect and stop adversaries before they can break out and expand their realm of control.

In today’s rapidly evolving digital landscape, K-12 school districts are harnessing the power of technology to transform education. The widespread adoption of Chromebooks has revolutionized the learning process, providing students with tools for collaboration, research and creativity. However, along with these advancements come unprecedented cybersecurity challenges that demand a comprehensive strategy.

In the first part of this series, we provided a brief overview of the Windows Restart Manager. In this blog post, we examine how these mechanisms can be exploited by adversaries and review how the CrowdStrike Falcon platform can detect and prevent these attacks.