CrowdStrike, a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, today released “CrowdStrike Global Threats Report: 2013 Year in Review,” the product of CrowdStrike’s year-long study of more than 50 groups of cyber threat actors. The 30-plus page report offers insight into the evolving behaviors of these cyber attackers, naming groups in China, Iran, Russia, North Korea, and Syria that are responsible for some of the world’s most recent and visible online attacks.
The CrowdStrike Global Threats Report offers insight into the activities of several sophisticated groups of attackers, including:
DEADEYE JACKAL, commonly known as the Syrian Electronic Army (SEA)
NUMBERED PANDA, a group of China-based attackers, who conducted a number of spear phishing attacks in 2013
MAGIC KITTEN, an established group of cyber attackers based in Iran, who carried out several campaigns in 2013, including a series of attacks targeting political dissidents and those supporting Iranian political opposition
ENERGETIC BEAR, a Russia-based group that collects intelligence on the energy industry
EMISSARY PANDA, a China-based actor that targets foreign embassies to collect data on government, defense, and technology sectors
In addition to profiling some of the world’s most prominent threat actors, the CrowdStrike Global Threats Report offers a look at some of these attackers’ most popular tactics and techniques for breaching the defenses of a targeted organization. For example, the report offers a detailed analysis of how several organized threat groups are using strategic web compromise (SWC) – sometimes called “watering holes” – to penetrate a target by infecting the websites most frequently surfed by its members. SWC attacks on the Council on Foreign Relations, the U.S. Department of Labor, and several foreign embassies are described in detail in the report.
The report offers predictions on the evolution of sophisticated adversaries in 2014. CrowdStrike predicts that 2014 will bring increased targeting of third-party vendors, abuse of the Internet’s new generic top-level domains (gTLDs), and vulnerabilities in Windows XP, which will reach end-of-life from Microsoft this April. The report predicts increased use of encryption to help protect and obfuscate malware; greater use of black markets for buying and selling custom-made malware; and increased targeting of attacks around major events, such as the Olympics, the 2014 G20 Summit, and major national elections. In the wake of the recent breaches of major retailers, the CrowdStrike team also discusses the evolution of cyber criminals, who are beginning to develop capabilities to identify and breach specific targets in pursuit of sensitive account data.