Wednesday, 06 March 2019 08:21

No American APTs mentioned in CrowdStrike's Global Threat Report


US security firm CrowdStrike has issued its annual Global Threat Report about cyber threats and their incidence, but the 75-page document contains no mention of any American state-based malware, otherwise known as APTs or advanced persistent threats.

There are, however, plenty of mentions of APTs from Russia, China, Iran, and North Korea among others.

Of the threats from state-supported actors from these countries, CrowdStrike had this to say:

"Nation-state adversaries were continuously active throughout 2018 — targeting dissidents, regional adversaries and foreign powers to collect intelligence for decision-makers:

"North Korea (aka the Democratic People's Republic of Korea, or DPRK) remained active in both intelligence collection and currency-generation schemes, despite participating in diplomatic outreach.

"Iran maintained focus on operations against other Middle Eastern and North African (MENA) countries, particularly regional foes across the Gulf Cooperation Council (GCC). Additionally, it is suspected that Iranian adversaries are developing new mobile malware capabilities to target dissidents and minority ethnic groups.

"As for China, CrowdStrike observed a significant rise in US targeting, likely tied to increased tensions between the two countries.

"Russian adversaries were active across the globe in a variety of intelligence collection and information operations."

Asked about what appears to be a glaring omission, since the NSA, the premier cyber offence organisation in the US, has a much bigger budget and more human resources than practically every other country, CrowdStrike's public relations director Ilina Cashiola told iTWire that the report only covered intrusions, campaigns and targeting seen in CrowdStrike's customer base, as detailed in the methodology section of the report.

"[These are] either where our technology is deployed or where our team has been engaged for security services," she said. "If we haven’t reported on a particular actor, this means that we haven’t encountered them first-hand."

The methodology section of the report says CrowdStrike's "global team of intelligence professionals track 116 adversaries of all types, including nation-state, eCrime and hacktivist actors".

"We are unable to make any inferences about activities or actor motivations — APTs or eCrime — that we haven’t directly observed or analysed," Cashiola added.

iTWire then asked how the report could be considered global since threats from one very prominent country, the US, were not mentioned at all. A response is awaited.

The CrowdStrike report also mentioned other nation-state adversaries which it had tracked but not cited prominently in its report. These were:

"Adversaries linked to Pakistan and India maintained an interest in regional affairs with a rise in activity on the Indian subcontinent, observed in the summer of 2018.

"The Vietnam-based adversary OCEAN BUFFALO appeared to focus on domestic — possibly internal law enforcement — operations; however, CrowdStrike has also identified the possible targeting of Cambodia, as well as activity against the manufacturing and hospitality sectors.

"Recent technical analysis, as well as the reported zero-day use of CVE-2018-8174, suggests the South Korean-based adversary SHADOW CRANE continues to actively develop its toolkit. The target scope of SHADOW CRANE’s campaigns appears to primarily focus on victims in China, Japan, South Korea, Russia, India and the DPRK — particularly those involved in the government, think tanks, media, academia and non-government organisation (NGO) sectors."

CrowdStrike was in the news in 2016 after it was called in to investigate the breach at the Democrat National Committee, but did not allow the FBI a look at the servers, even though many requests for access were made by the organisation, which was at that time headed by James Comey.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
