CROWDSTRIKE|1.888.512.8906
15440 LAGUNA CANYON ROAD, SUITE 250, IRVINE, CALIFORNIA 92618
02
CROWDSTRIKE|1.888.512.8906
CONTENTS
FOREWORD
EXECUTIVE SUMMARY
KEY FINDINGS
KEY TRENDS
CASE STUDIES AND
RECOMMENDATIONS
CONCLUSION
02
03
04
07
08
28
01
CROWDSTRIKE|1.888.512.8906
Cyberattacks — and the resulting breaches — are a fact of life now. The
impact left in the wake of a successful intrusion can be massive when
customer data or other confidential information is stolen, exposed,
changed, or deleted. It’s an inescapable certainty: Where valuable digital
assets exist, aggressive threat actors follow.
These actors continuously develop and adopt new means to achieve
their objectives, from the destructive NotPetya malware using stealth
propagation techniques, to ransomware extortion, to the use of valid
operating system processes to exploit the network.Likewise, security
stakeholders from CISOs to incident responders to the board of directors
must evolve their security planning to ensure resilience in the face of
an attack. This document provides guideposts to further you along that
path.
Drawn from real-life client engagements, the annual CrowdStrike
Cyber Intrusion Services Casebook provides valuable insights into
ever-evolving attacker tactics, techniques and procedures (TTPs).It
also reveals the strategies the CrowdStrike Services team devised to
effectively and quickly investigate and remove threats from victims’
networks. Additionally, the report reveals emerging trends observed in
attack behaviors, including the preferred tactics used by threat actors to
gain entry to the targeted environment.
Based on CrowdStrike Services’ extensive experience in the field, this
casebook provides key takeaways that can inform both executive
stakeholders and security professionals how to respond to intrusions
more effectively.Most importantly, it offers recommendations that
organizations can implement proactively — right now — to improve their
ability to prevent, detect and respond to attacks. The threat is real, the
risk is high, and CrowdStrike Services stands shoulder-to-shoulder with
our clients to secure their data and their infrastructure: One Team, One
Fight.
Shawn Henry
CrowdStrike CSO and President of Services
FOREWORD
02
Several key trends emerged from the incident response (IR) cases
the CrowdStrike Services team handled on behalf of clients this past
year. The team’s case summaries and statistics show vividly how
resourceful and relentless sophisticated attackers can be as they
continually look for gaps in clients’ IT infrastructure. Organizations
should realize:
1)The lines between nation-state sponsored attack groups and eCrime
threat actors continue to blur.
2)Self-propagation techniques have added a new twist to ransomware
attacks and their ability to paralyze clients’ operations.
These trends make it clear that any organization relying primarily
on traditional security measures and tools, such as signature-based
antivirus or firewalls, will not be able to detect or fend off determined,
sophisticated threat actors.As attackers become more brazen and
their attack techniques continue to evolve, organizations must
likewise evolve their security strategies to proactively prepare for the
next attack.
EXECUTIVE SUMMARY
03。