Hackers are getting more hands-on with their attacks. That's not a good sign

Both nation-state-backed hackers and cyber criminals are trying to take advantage of the rise in remote working - and getting more sophisticated in their approach.
Written by Danny Palmer, Senior Writer

There's been a sharp rise in sophisticated hands-on hacking campaigns over the course of this year, with the first six months of 2020 seeing more of these intrusions than the total number for the whole of 2019.

A hands-on intrusion is when human hackers actively explore compromised systems themselves rather than relying on programmed scripts that perform automated tasks.

The rise in attacks is attributed to a combination of two factors: cyber criminals continuing to evolve their tools, techniques and procedures, and hacking groups exploiting the rise in remote working driven by the COVID-19 pandemic as a means of gaining access to accounts and networks.

The findings are detailed in CrowdStrike's Threat Hunting Report 2020, based on potential 'hands-on' intrusions identified by the cybersecurity company's research team. The first half of 2020 saw 41,000 intrusions, a higher figure than the 35,000 detected during all of 2019, according to the company.

"The most alarming thing from a 2020 perspective has been the volume and the reach of the amount of intrusions we've observed," Jennifer Ayers, VP at CrowdStrike, told ZDNet.

"Keep in mind that the report is essentially the first half of the year and in half a year we've already significantly exceeded the volume of what we observed in 2019 and 2018. It's really a testament to how troubled the landscape truly is."

The hands-on campaigns are based around hackers gaining access to the network – often via leaked or stolen credentials to an employee account or an exposed RDP server – then using the legitimate access those accounts or systems offer to move across the network, gradually securing the means to gain more and more access. And because the attackers are working through legitimate accounts and systems, it's often difficult to notice unusual activity.

It used to be that this type of sophistication was reserved for nation-state-backed hacking groups, but now it's regularly demonstrated by cyber-criminal gangs too.

"Hands-on keyboard sophistication used to be just the domain of nation states. As we've seen more and more criminal organisations start to explore that, we really saw the explosion," said Ayers.

"Sophistication has definitely changed over the past two years and we're seeing much, much more of that in 2020."

But while nation states are using these intrusions for cyber-espionage campaigns and stealing intellectual property, cyber-criminal groups are often using these kinds of intrusions to lay down the groundwork for expansive ransomware campaigns that result in whole networks being encrypted and millions of dollars being demanded in return for the decryption key.

According to the report, almost all sectors have seen an increase in intrusive cyberattacks over the course of this year, with technology, telecommunications and finance some of the most frequently targeted. Manufacturing has also seen a dramatic increase in attacks, rising to the second-most targeted industry this year when it didn't feature in the top ten in 2019.

However, despite the increasing number of hands-on, sophisticated hacking campaigns, it's still very much possible for organisations to protect themselves from attacks by following security basics, such as applying patches and security updates, and avoiding the use of vulnerable passwords.

"Keep with the basics of security. If there's one area you should really be focusing on it's on your perimeter, make it difficult for them to get in in the first place. Keep security awareness going and make sure your employees know that a lot of hacks still start with phishing emails," Ayers said.

Multi-factor authentication can also play a vital role in protecting users and systems.

"There's so many ways to do this, it's not remotely expensive anymore. And so for ten bucks to enable multi-factor authentication, just pay the ten bucks. Because it's going to be better than paying millions after a ransomware attack," Ayers said.

