A larger proportion of cyberattacks in the first half of 2019 can be attributed to electronic criminals (eCrime adversaries) compared to state-sponsored or unidentified attacks. CrowdStrike, a cybersecurity company that provides the CrowdStrike Falcon endpoint protection platform, observes that 61% of targeted cybersecurity campaigns in the first half of 2019 were sourced from eCrime adversaries, compared to 39% from other sources.

CrowdStrike Falcon OverWatch platform

The eCrime portion has more than doubled since 2018, reflecting an escalation of criminal players in search of more and larger payouts. The trend is among the findings presented in CrowdStrike’s OverWatch 2019 Mid-Year Report: Observations from the Front Lines of Threat Hunting. Falcon OverWatch is the CrowdStrike-managed threat hunting service built on the CrowdStrike Falcon platform.

Technology was the top vertical market targeted by cyber-attacks in the first half of the year, followed by telecommunications and non-governmental organisations (including think tanks). Other targets (in decreasing order) were retail, financial, manufacturing, transportation and logistics, gaming, entertainment and engineering. Hospitality has disappeared from the list so far this year, although CrowdStrike expects an increase in intrusions aimed at the hospitality industry to put it back in the top 10 by the end of the year.

Intrusion adversaries

In terms of intrusion adversaries, the top players so far in 2019 are Spiders (eCrime) and Pandas (China). Regarding initial access techniques, the most common remain, in order of prevalence, valid accounts, spear-phishing and exploitation of public-facing applications.

2019 is proving to be an active year, with a significant increase in eCrime and in the inter-relationships across different groups as they strengthen their organisations, forge alliances and expand their footprint.

Need for a proactive security posture

Many of the techniques used by eCrime actors are easily defensible through strong security products and a proactive security posture, says CrowdStrike, which recommends the following measures to help maintain strong defense in 2019:

  • Be attentive to basic hygiene such as user awareness, asset and vulnerability management, and secure configurations, which form the foundation for a strong cybersecurity program.
  • User awareness programs can combat the continued threat of phishing and related social engineering techniques.
  • Asset management and software inventory ensure that an organisation understands its footprint and exposure.
  • Vulnerability and patch management can verify that known vulnerabilities and insecure configurations are identified, prioritised and remediated.
  • Multifactor authentication (MFA) should be established for all users because today's attackers are adept at accessing and using valid credentials.
  • A robust privilege access management process will limit the damage adversaries can do if they get in and reduce the likelihood of lateral movement.
  • Implementing password protection prevents disabling or uninstalling endpoint protection that provides critical prevention and visibility for defenders.

Countering sophisticated cyber attacks

As sophisticated attacks continue to evolve, enterprises face more than a "malware problem." Defenders should look for early warning signs that an attack may be underway, such as code execution, persistence, stealth, command and control, and lateral movement within a network.

Contextual and behavioral analysis, when delivered in real time via machine learning and artificial intelligence, effectively detects and prevents attacks that conventional "defense-in-depth" technologies cannot address.

"1-10-60 rule" in combating advanced cyber threats

CrowdStrike recommends that organisations pursue a "1-10-60 rule" in order to effectively combat sophisticated cyberthreats. That is, they should seek to detect intrusions in under one minute, to perform a full investigation in under 10 minutes, and to eradicate the adversary from the environment in under 60 minutes.

A source at CrowdStrike said, "Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action."
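As an added illustration (not from CrowdStrike or the original article), the following sketch scores incident timelines against the 1-10-60 targets and reports how often each target is met. The field names and sample incidents are constructed, and it assumes each phase is timed from the end of the previous one, which the article does not specify.

```python
from datetime import datetime, timedelta

# 1-10-60 targets: each phase must finish in strictly under its limit.
LIMITS = {
    "detect": timedelta(minutes=1),
    "investigate": timedelta(minutes=10),
    "eradicate": timedelta(minutes=60),
}

# Assumption: each phase is measured from the end of the previous phase.
PHASES = [  # (phase, start field, end field); field names are hypothetical
    ("detect", "first_activity", "detected"),
    ("investigate", "detected", "investigated"),
    ("eradicate", "investigated", "eradicated"),
]

# Constructed sample incidents, not real data.
INCIDENTS = [
    {"id": "INC-1", "first_activity": "2019-06-03T09:00:00",
     "detected": "2019-06-03T09:00:40", "investigated": "2019-06-03T09:08:10",
     "eradicated": "2019-06-03T09:51:00"},
    {"id": "INC-2", "first_activity": "2019-06-04T22:15:00",
     "detected": "2019-06-04T22:19:30", "investigated": "2019-06-04T22:27:00",
     "eradicated": "2019-06-05T00:02:00"},
    {"id": "INC-3", "first_activity": "2019-06-05T13:00:00",
     "detected": "2019-06-05T13:00:20", "investigated": "2019-06-05T13:09:00",
     "eradicated": None},  # adversary not yet eradicated
]


def score_incident(incident):
    """Return {phase: (duration or None, status)}; status is met/missed/open/invalid."""
    result = {}
    for phase, start_key, end_key in PHASES:
        start, end = incident.get(start_key), incident.get(end_key)
        if not start or not end:
            result[phase] = (None, "open")  # phase not finished, cannot be scored
            continue
        duration = datetime.fromisoformat(end) - datetime.fromisoformat(start)
        if duration < timedelta(0):
            result[phase] = (duration, "invalid")  # timestamps out of order
        else:
            status = "met" if duration < LIMITS[phase] else "missed"
            result[phase] = (duration, status)
    return result


def compliance_rate(incidents, phase):
    """Fraction of scorable incidents that met the phase target, or None if none."""
    statuses = [score_incident(i)[phase][1] for i in incidents]
    scored = [s for s in statuses if s in ("met", "missed")]
    return scored.count("met") / len(scored) if scored else None


if __name__ == "__main__":
    for inc in INCIDENTS:
        for phase, (duration, status) in score_incident(inc).items():
            print(f"{inc['id']} {phase:<11} {str(duration):<16} {status}")
    for phase in LIMITS:
        print(f"{phase}: {compliance_rate(INCIDENTS, phase)}")
```

Open and out-of-order phases are excluded from the rate rather than counted as met, so an unfinished eradication cannot inflate the figure.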


Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com
