Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not use traditional malware and 80% of attacks use identity-based techniques, meaning that attacks target not only endpoints, but also cloud and identity layers with techniques that many legacy solutions have no visibility of or means of stopping.
At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools.
CrowdStrike is introducing memory scanning into the CrowdStrike Falcon sensor for Windows to increase visibility and detect in-memory threats, adding another layer of protection against fileless threats. In recent years, threat actors have increased their dependence on fileless or malware-free attacks.
The modern threat landscape continues to evolve with an increase in attacks leveraging compromised credentials. An attacker with compromised credentials too frequently has free reign to move about an organization and carefully plan their attack before they strike. This week Falcon Complete™, CrowdStrike’s leading managed detection and response (MDR) service, announced a new managed service capability that once again sets the standard for MDR.
The growth in frequency and severity of cyberattacks has caused organizations to rethink their security strategies. Major recent security threats, such as high-profile ransomware attacks and the Log4Shell vulnerabilities disclosed in 2021, have led to a greater focus on identity protection as adversaries rely on valid credentials to move laterally across target networks.
On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations affected by the attack,1 among other families including a sophisticated wiper CrowdStrike Intelligence tracks as DriveSlayer (HermeticWiper).
Many countries around the world recognized Data Protection Day in January — a day that highlights the importance of protecting individual privacy and data against misuse. The U.S. celebrated Data Privacy Day, where privacy and security have often been seen as two separate issues. This is evidenced by the way law has historically developed.
On Feb. 23, 2022, a new wiper malware was reported publicly as affecting Ukrainian-based systems. Following a series of denial-of-service attacks and website defacements, the new destructive malware corrupts the master boot record (MBR), partition and file system of all available physical drives on Windows machines. CrowdStrike Intelligence refers to this new destructive malware as DriveSlayer, and it’s the second wiper to affect Ukraine following the recent WhisperGate.