Patience is less a virtue and more a frightening new trend, when it comes to cybercrime, according to panelists at Advisen’s Cyber Risk Insights Conference in Chicago last week who said cybercriminal operations are shifting from quick hits to long-term campaigns with more lucrative paydays.
“The trend we are seeing is e-crime individuals are starting to move away from mass spamming as many companies as possible,” said Saxxon McCarty, regional sales director at CrowdStrike. Instead, they are going “big-game hunting,” he said.
Referencing CrowdStrike’s 2019 Global Threat Report, McCarty explained that nation states were responsible for many of the attacks they saw in 2018. He identified the usual suspects of China, Russia, North Korea, and Iran as the biggest culprits, but said that out of the 81 nation states they consider U.S. adversaries, 21 were active in 2018.
As a result, social-engineering attacks that develop over a long period of time are on the rise. According to McCarty, some of these big-game social-engineering campaigns can take anywhere from one to two years.
“We see that their tactics are starting to move away from viruses and executable files, and more toward phishing and other tools that aren’t executable files that can be built into the system,” said McCarty.