A recent article in Dark Reading, “Nowhere to Hide: Don’t Let Your Guard Down This Holiday Season” by CrowdStrike Product Director Scott Taschler, provides ominous warnings of adversary activity and practical recommendations for increasing cybersecurity during the 2020 end-of-year holidays. The article stresses that “adversaries don’t vacation” — on the contrary, attackers take every opportunity to leverage the operational downtime most organizations experience during the holidays. Adversaries continue to work overtime all year looking for new ways to thwart your cyber defenses — and it will be crucial for organizations to heed the article’s recommendations and put them into practice in 2021 and beyond.
The article highlights recent findings of the CrowdStrike Falcon® OverWatchTM team that were published in the CrowdStrike® 2020 Threat Hunting Report — including the fact that the first half of 2020 saw “the highest number of potential intrusions covered by Falcon OverWatch in a calendar year.” In addition, June 2019 to June 2020 was a particularly lucrative year for eCrime actors, who made gains compared to nation-state-sponsored activity. In fact, eCrime comprised 82% of all intrusions the OverWatch team uncovered in 2019-2020 in which attribution could be made with a high degree of confidence. The widespread use of ransomware attacks during this period is particularly troubling — especially those aimed at the healthcare industry, where such attacks can cause catastrophic delays in patient care.
Cybersecurity Checklist
The article includes a Holiday Season Security Checklist, but the suggestions offered should be applied year-round for organizations that want to stay ahead of today’s sophisticated and determined threat actors. This checklist includes the following recommendations:- Establish a proactive and continuous threat-hunting practice
- Ensure that internet-facing infrastructure is rapidly and consistently patched
- Establish and enforce strong password rules and multifactor authentication
- Eliminate excess software and ensure strict controls
- Train your employees to be cybersecurity-aware
Additional Resources
- Download the 2020 Threat Hunting Report: Insights from the CrowdStrike Falcon® OverWatch team.
- Listen to an on-demand webcast and hear CrowdStrike threat hunting experts discuss the report’s findings.
- Visit the CrowdStrike Falcon® OverWatch webpage.
- Download the CrowdStrike 2020 Global Threat Report for more insights into today’s modern adversaries.
- Test CrowdStrike next-gen AV for yourself. Start your free trial of Falcon Prevent™ today.