Report: CrowdStrike – 2017 Cyber Intrusion Services Casebook


Published: 7 December 2017

CrowdStrike has published its annual Cyber Intrusion Services Casebook. Drawn from 100 real-life client engagements, the report looks into ever-evolving attacker tactics, techniques and procedures (TTPs) and reveals emerging trends observed in attack behaviors, including the preferred tactics used by threat actors to gain entry to the targeted environment.

A few key findings:

  • 66% of attacks did not leverage file-based malware but instead exploited a combination of the native software of victims’ systems, memory-only malware, and stolen credentials to gain access and persist on the targeted networks.
  • Average dwell time was 86 days before detection, which is a positive trend: even a year ago, CrowdStrike and other organizations were estimating it at over a hundred days, or in the hundreds. Organizations have become better at detecting breaches, although not yet good enough.
  • Another positive trend is the higher number of attacks that were detected by the victims themselves: 68%, which is 11% higher than last year.
  • CrowdStrike also noticed that tactics and techniques typically used by nation-state actors have been increasingly leveraged by cybercrime groups.
  • Attackers are also increasingly turning to self-propagating malware, particularly in the case of ransomware such as the notorious WannaCry. These attacks often succeed because organizations fail to update critical systems and to deploy comprehensive security technologies.