CrowdStrike, an Austin, Texas-based cybersecurity company, has unveiled a new research report detailing an 82% increase in ransomware-related data leaks. The company’s 8th annual Global Threat Report also outlines new operations and techniques from Iran, China, Russia and North Korea.
The report documents the continued evolution of nation-state-affiliated and criminal adversaries, as well as the increased sophistication, velocity and impact of targeted ransomware, disruptive operations and cloud-related attacks in 2021. Among the highlights, financially motivated eCrime accounted for nearly half (49%) of all observed activity. CrowdStrike Intelligence observed an 82% increase in ransomware-related data leaks in 2021, with 2,686 attacks as of December 31, 2021, compared to 1,474 in 2020.
CrowdStrike Intelligence saw on average over 50 targeted ransomware events per week with demands averaging $6.1 million per ransom, up 36% from 2020. Adversaries are increasingly exploiting stolen user credentials and identity to bypass legacy security solutions.
Iran-based adversaries adopted the use of ransomware as well as “lock-and-leak” disruptive information operations – using ransomware to encrypt target networks and subsequently leak victim information via actor-controlled personas or entities.
In 2021, China-nexus actors emerged as the leader in vulnerability exploitation and shifted tactics to increasingly target internet-facing devices and services like Microsoft Exchange. CrowdStrike Intelligence confirmed China-nexus actor exploitation of 12 vulnerabilities published in 2021.
Russia-nexus adversary COZY BEAR expanded its targeting of IT to cloud service providers in order to exploit trusted relationships and gain access to additional targets through lateral movement. Additionally, FANCY BEAR increased the use of credential-harvesting tactics, including both large-scale scanning techniques and victim-tailored phishing websites.
The Democratic People’s Republic of Korea (DPRK) targeted cryptocurrency-related entities in an effort to maintain illicit revenue generation during economic disruptions caused by the COVID-19 pandemic.
The findings are useful to channel partners seeking to mature their security strategies and defend their clients against cyber threats.