Though ransomware attacks have been highly publicized, the majority of cyberattacks exploited a combination of native software from a victim's system, memory-only malware and stolen credentials, according to the 2017 "Cyber Intrusion Services Casebook" from CrowdStrike.
The cybersecurity firm aggregated key emerging trends from incident response cases its team handled on behalf of clients. According to CrowdStrike's data healthcare accounted for 12 percent of cyber intrusions.
Here are five report insights.
1. The lines between nation-state sponsored attack groups and cybercrime actors continue to blur. Both groups are leveraging the same tactics and methods that often target Windows operating systems.
2. The average attacker dwell time was 86 days. This means it took an average of 86 days to detect an intrusion from when it first began. The more time a hacker is afforded in the environment, the more opportunity they have to find, exfiltrate or destroy data.
3. Attackers apply more self-propagation techniques to accelerate scope and scale of attacks. CrowdStrike observed malware variants that were designed to spread once a system had become infected.
4. The use of fileless malware and malware-free attacks made up 66 percent of all attacks. Attacks in which code had been executed from memory or where credentials had been stolen and leveraged for remote logins were notable in the past year.
5. Companies are getting better at self-detection. In 68 percent of the cases CrodwStrike reviewed, companies were able to internally identify a breach had occurred.
"With cybersecurity becoming a core business issue, CEOs and business leaders need to improve their ability to anticipate threats, mitigate risks and prevent damage in the wake of a security-related event," said Shawn Henry, chief security officer and president of CrowdStrike Services. "To minimize the impact of a cyber-related incident, organizations need to be aware of emerging attack trends and adversary techniques, and in turn, implement [incident response] best practices and proactive mitigation strategies.
More articles on cybersecurity:
Cryptocurrency company hacked, customers speculate $63M in losses