Financial cyber crimes rising – firms must stay vigilant

CrowdStrike Intelligence observed an average of over 50 targeted ransomware events every week.
22 February 2022


  • Financially motivated crimes accounted for nearly half (49%) of all observed cyber intrusion attempts
  • There were 21 newly named adversaries and over 170 total adversaries tracked in 2021
  • Ransomware-related data leaks increased by 82%, with 2,686 attacks last year compared to 1,474 in 2020, per the latest CrowdStrike Global Threat Report

Cyber threats continue to evolve as criminals grow more sophisticated in their approach and the payoffs become more lucrative. Ransomware-related data leaks increased by 82%, with 2,686 attacks last year compared to 1,474 in 2020, according to the recently released CrowdStrike Global Threat Report.

CrowdStrike Intelligence observed an average of over 50 targeted ransomware events per week. Aside from criminal groups, nation-state adversaries are also expanding their exploits in the cyber world. The eighth annual report also found ransomware-related demands averaged $6.1 million per ransom, up 36% from 2020. 

Financially motivated crimes

Unsurprisingly, crimes motivated by financial gain accounted for nearly half (49%) of all observed cyber intrusion attempts.

The report outlined the new operations and techniques from the ‘Big Four’ (China, Iran, North Korea, and Russia) and saw the debut of two fresh state-based adversaries, WOLF from Turkey and OCELOT from Colombia. Some of the highlights include:

Newly-named adversaries participating in financial crimes

There were 21 newly named adversaries and over 170 total adversaries tracked in 2021. The list includes cybercrime groups like the DOPPEL SPIDER and WIZARD SPIDER affiliates, state-nexus actors like AQUATIC PANDA from China, along with PIONEER KITTEN and NEMESIS KITTEN from Iran. 

Log4Shell attacks, which allow bad actors to take complete server control via a zero-day vulnerability in the popular Java logging framework Log4j, were used by both criminals and nation-state affiliates to execute ransomware and network-breaching operations.

This also foreshadowed more attacks via the non-malware route. Log4Shell was first detected on December 9, 2021. In the fourth quarter of last year alone, 62% of all detections indexed by CrowdStrike were malware-free. These include using stolen user credentials and identity to bypass legacy security solutions.

Businesses must evolve to stay ahead

“As cyber criminals and nation-states around the world continue to adapt in the changing, interconnected landscape, it’s critical that businesses evolve to defend against these threats by integrating new technologies, solutions and strategies,” said Adam Meyers, senior vice president of intelligence at CrowdStrike, a global leader in cybersecurity. 

“The annual Global Threat Report paints a picture that shows enterprise risk is coalescing around three critical areas: endpoints and cloud workloads, identity and data, and provides a valuable resource for organizations looking to bolster their security strategy.”