Thursday, June 20, 2024

E-security firm raises alarm on Chinese cyberattacks on PH firms

Executives from cybersecurity firm CrowdStrike gave an overview during a press briefing on Tuesday, Sept. 20, of the changing behaviors that pose a threat to Asia Pacific Japan (APJ) organizations.


Of the 185 threat actors the company currently monitors, CrowdStrike found the adversaries of most concern to the APJ region originate from China, Turkey, Russia, and North Korea.

The company singled out China’s actors as the most concerning threat to Philippine organizations’ cybersecurity due to China’s attempts to dominate the APJ and South East Asian region, as exemplified by its incursions into the West Philippine Sea.

CrowdStrike has also categorized adversaries into three types depending on their motivations. Nation-state adversaries conduct cyber espionage for diplomatic, political, and economic intelligence purposes, while e-crime actors are financially motivated, and lastly, hacktivists commit cybercrimes for nationalistic, terroristic, and social goals.

Adam Meyers, CrowdStrike senior vice president of intelligence, stressed that “data in the last year has been increasingly weaponized by threat actors in all three of these motivations.”

In fact, organizations across all industries have seen an uptick in data-based attacks, the cybersecurity firm said.

Meyers described how the use of ransomware, malicious programs that block access to a user’s device until a ransom is paid, is ramping up in data extortion or data leak attacks.

In the 2021 CrowdStrike Global Threat Report, ransomware-related data leaks grew to 2,686 from the 1,474 attacks in 2020. The frequency of these attacks is only expected to grow in 2022.

“Some of these ransomware groups are no longer using ransomware to encrypt files, they’re actually moving to pure data extortion… With data extortion, they’re saying that ‘we’re going to leak this data and we know that the compliance, regulatory, and legal impact of leaking this data is going to be far greater than the extortion’. And they’re using that to compel these organizations to pay their ransom demand,” he added.

Meyers said “threat actors are getting faster, they’re getting better, and they’re able to steal data, get access to systems, and escalate privileges faster than ever before, which necessitates proper security technology.”

CrowdStrike said it is constantly innovating its solutions to provide entities with the information and tools to meet these evolving threats. The company announced its latest product innovations last week, the most significant of which is the Falcon Insight XDR.

Extended Detection and Response or XDR refers to a new approach to threat detection and response where threat data from across an organization’s technology stack is filtered and consolidated into a single dashboard.

The Falcon Insight XDR specifically enables CrowdStrike clients to leverage XDR without disrupting existing Endpoint Detection and Response (EDR) solutions’ capabilities or workflows. EDR solutions constantly monitor end-user devices to detect and respond to cyber threats like ransomware and malware.

Besides the Falcon Insight XDR, the company unveiled other new products and product upgrades. One of them is the CIEM expansion, an upgrade to CrowdStrike’s Cloud Security that helps companies prevent identity-based threats resulting from improperly configured cloud entitlements across Amazon Web Services (AWS) and Microsoft Azure.

Two more innovations are the Falcon LogScale and Falcon Complete LogScale. These products improve organizations’ log management capabilities, so they can assess issues in their environments and gain actionable insights to optimize resource availability, security, and uptime.

Lastly, the Falcon Discover for IoT covers the improvements made to CrowdStrike’s Security and IT Operations product suite. These upgrades assist organizations in increasing visibility and reducing risk in IoT and operational technology (OT) environments.

In other words, it helps organizations manage security risk across a system’s interconnected assets, cloud environments, identities and configurations.

Amol Kulkarni, CrowdStrike chief product officer, emphasized during the briefing that “it’s crucial that every organization looks at what their security needs are, make sure that they have the right posture, and then most importantly have a real time, run time security solution — like Falcon — to ensure that you are catching all of the threats.”

