Dubai, United Arab Emirates: CrowdStrike Holdings, Inc. (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity, intelligence and data, today announced the release of the 2022 CrowdStrike Global Threat Report, which details an 82% increase in ransomware-related data leaks, debuts two new adversaries – WOLF (Turkey) and OCELOT (Colombia) – and adds 21 new tracked adversaries across the globe. The 8th annual Global Threat Report also outlines new operations and techniques from the Big Four: Iran, China, Russia and North Korea, breaks down the aftermath of the Log4Shell attacks and shows adversaries are moving beyond malware, as 62% of recent detections were malware-free.

The landmark CrowdStrike Intelligence report documents the continued evolution of nation-state affiliated and criminal adversaries, as well as the increased sophistication, velocity and impact of targeted ransomware, disruptive operations and cloud-related attacks in 2021. Key findings in this year's report give organizations the insight required to mature their security strategies and defend their businesses against prolific cyber threats.

Nation-State and Criminal Groups Continue to Expand

The 2021 threat landscape became more crowded as new adversaries emerged. CrowdStrike Intelligence today tracks more than 170 in total. Notable adversary updates include:

  • Financially motivated eCrime activity continues to dominate the interactive intrusion attempts tracked by CrowdStrike OverWatch. Intrusions attributed to eCrime accounted for nearly half (49%) of all observed activity.
  • Iran-based adversaries adopt the use of ransomware as well as “lock-and-leak” disruptive information operations – using ransomware to encrypt target networks and subsequently leak victim information via actor-controlled personas or entities.
  • In 2021, China-nexus actors emerged as the leader in vulnerability exploitation and shifted tactics to increasingly target internet-facing devices and services like Microsoft Exchange. CrowdStrike Intelligence confirmed China-nexus actor exploitation of 12 vulnerabilities published in 2021.
  • Russia-nexus adversary COZY BEAR expands its targeting of IT to cloud service providers in order to exploit trusted relationships and gain access to additional targets through lateral movement. Additionally, FANCY BEAR increases the use of credential-harvesting tactics, including both large-scale scanning techniques and victim-tailored phishing websites.
  • The Democratic People's Republic of Korea (DPRK) targeted cryptocurrency-related entities in an effort to maintain illicit revenue generation during economic disruptions caused by the COVID-19 pandemic.
  • eCrime actors — including affiliates of DOPPEL SPIDER and WIZARD SPIDER — adopted Log4Shell as an access vector to enable ransomware operations. State-nexus actors, including NEMESIS KITTEN (Iran) and AQUATIC PANDA (China), were also affiliated with probable Log4Shell exploitation before the end of 2021.

Adversary Tradecraft Becomes More Sophisticated

The report highlights that the startling growth and impact of targeted ransomware, disruptive operations and an uptick in cloud-related attacks in 2021 were a palpable force felt across nearly every industry and in every country.

  • CrowdStrike Intelligence observed an 82% increase in ransomware-related data leaks in 2021, with 2,686 attacks as of December 31, 2021, compared to 1,474 in 2020.
  • CrowdStrike observed 2,721 Big Game Hunting incidents in 2021.
  • CrowdStrike Intelligence saw on average over 50 targeted ransomware events per week.
  • Observed ransomware-related demands averaged $6.1 million per ransom, up 36% from 2020.
  • Adversaries are increasingly exploiting stolen user credentials and identity to bypass legacy security solutions – of all detections indexed in the fourth quarter of 2021, 62% were malware-free.
  • The CrowdStrike eCrime Index (ECX) shows that ransomware attacks were highly lucrative throughout 2021. The ECX displays the strength, volume and sophistication of the cybercriminal market, and is updated weekly based on 20 unique indicators of criminal activity, tracking things like Big Game Hunting victims, data leaks, and ransom demands.

“As cybercriminals and nation-states around the world continue to adapt in the changing, interconnected landscape, it’s critical that businesses evolve to defend against these threats by integrating new technologies, solutions and strategies,” said Adam Meyers, senior vice president of intelligence at CrowdStrike.

“The CrowdStrike Falcon platform, powered by the world-class intelligence that informs this annual report, offers the full suite of tools necessary to deliver hyper-accurate detections, automated protection and the remediation needed to stop threats in their tracks. The annual Global Threat Report paints a picture that shows enterprise risk is coalescing around three critical areas: endpoints, cloud workloads, identity and data, and provides a valuable resource for organizations looking to bolster their security strategy,” he added. 

-Ends-

About CrowdStrike

CrowdStrike Holdings, Inc. (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

Learn more: https://www.crowdstrike.com/ 

For further information, please contact:
Lejo Johnny
Leidar MENA
Email: lejo.johnny@leidar.com 

© Press Release 2022
