CrowdStrike sees lines blur

Written by Mark Evans

The lines between nation-state sponsored attack groups and criminals are blurring, with both groups using similar tactics such as fileless malware and “living off the land” techniques that rely on processes native to the Windows operating system, including PowerShell and WMI (Windows Management Instrumentation).

The trend has been revealed in CrowdStrike’s Annual Cyber Intrusion Services Casebook, covering its information on attacks.

The report also notes that the number of days between the first evidence of a compromise and its initial detection (the dwell time) is now 86 days, and that malware is often self-propagating, using variants to spread once a system is infected.

However, it also reports that companies are getting better at self-detection, with the breach identified internally in 68 per cent of the reviewed cases. This represents an 11 per cent increase over prior years.
