UPDATED 09:01 EDT / AUGUST 08 2023

CrowdStrike debuts Counter Adversary Operations and releases 2023 Threat Hunting Report

Cybersecurity company CrowdStrike Holdings Inc. today announced the launch of CrowdStrike Counter Adversary Operations designed to detect, disrupt and halt advanced cyber adversaries, making their operations more costly and challenging.

It also released its annual threat hunting report that details attack trends and adversary tradecraft observed by its threat hunters and intelligence analysts.

CrowdStrike Counter Adversary Operations harnesses data and services from CrowdStrike Falcon Intelligence, the CrowdStrike Falcon OverWatch managed threat hunting teams and telemetry data from the CrowdStrike Falcon platform to tackle identity-based attacks.

The new service launches with a unique new offering, Identity Threat Hunting. Available as part of CrowdStrike Falcon OverWatch Elite, it brings together the latest intelligence on adversary tactics, techniques, procedures and motives, combined with CrowdStrike Falcon Identity Threat Protection and CrowdStrike’s Elite Falcon OverWatch threat hunters, to thwart the latest identity-based threats. The new offering is said to make it possible to identify and remediate compromised credentials quickly, track lateral movement and outpace adversaries with always-on coverage.

“To beat modern adversaries at their game, threat intelligence needs to go past understanding the threat to rapidly actioning threat hunters to disrupt and stop the threat,” Adam Meyers, head of Counter Adversary Operations at CrowdStrike, said in a statement. “The newly formed Counter Adversary Operations represents a new model that not only brings together the very best adversary insight and expertise on the planet… but one that rapidly puts this insight into the hands of teams on the front lines to protect against modern threats while making life increasingly hard on the adversary.”

The new service is available to new and existing CrowdStrike Falcon OverWatch Elite customers at no additional cost.

Threat Hunting Report

The annual threat hunting report from CrowdStrike, released today, takes a deep dive into the current security landscape and identifies key security findings over the last 12 months.

Leading the list was an increase in adversary speed, with the average breakout time for interactive eCrime intrusion activity now at 79 minutes. In one example, Falcon OverWatch witnessed an adversary infiltrating an initial host and proceeding with lateral movement into the broader victim environment within seven minutes.

CrowdStrike’s threat hunters also identified about one potential intrusion every seven minutes. The data translates to tens of thousands of instances annually where human-driven hunting played a crucial role in detecting adversaries attempting to bypass autonomous detection methods.

In an interesting takeaway, 71% of all malicious activities tracked by CrowdStrike were malware-free. The percentage is said to underscore a shift in adversary tactics, which increasingly rely on hands-on-keyboard strategies to achieve their objectives. Due to the shift, the report notes that threat-hunting operations must be informed by the most up-to-date threat intelligence.

Other notable findings include Access Broker advertisements increasing by 147% in criminal or underground communities. The report also noted a three-times increase in adversary use of Linux privilege-escalation tools to exploit cloud environments.

“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods,” Meyers noted. “Security leaders need to ask their teams if they have the solutions needed to stop lateral movement from an adversary in just seven minutes.”
