The security problems that plague organizations today actually haven’t changed much in 30 years. Weak and shared passwords, misconfigurations and vulnerabilities are problems that have tormented the industry for years and persist to this day. What’s changed is the speed and sophistication at which today’s adversary can weaponize these weaknesses.
Alert overload is practically a given for security teams today. Analysts are inundated with new detections and events to triage, all spread across a growing set of disparate, disconnected security tools. In fact, they’ve burgeoned to such an extent that the average enterprise now has 45 cybersecurity-related tools deployed across its environment.
Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not use traditional malware and 80% of attacks use identity-based techniques, meaning that attacks target not only endpoints, but also cloud and identity layers with techniques that many legacy solutions have no visibility of or means of stopping.
At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools.
CrowdStrike is introducing memory scanning into the CrowdStrike Falcon sensor for Windows to increase visibility and detect in-memory threats, adding another layer of protection against fileless threats. In recent years, threat actors have increased their dependence on fileless or malware-free attacks.
The modern threat landscape continues to evolve with an increase in attacks leveraging compromised credentials. An attacker with compromised credentials too frequently has free reign to move about an organization and carefully plan their attack before they strike. This week Falcon Complete™, CrowdStrike’s leading managed detection and response (MDR) service, announced a new managed service capability that once again sets the standard for MDR.
The growth in frequency and severity of cyberattacks has caused organizations to rethink their security strategies. Major recent security threats, such as high-profile ransomware attacks and the Log4Shell vulnerabilities disclosed in 2021, have led to a greater focus on identity protection as adversaries rely on valid credentials to move laterally across target networks.
On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations affected by the attack,1 among other families including a sophisticated wiper CrowdStrike Intelligence tracks as DriveSlayer (HermeticWiper).
