As 2012 was winding down, the CrowdStrike Intelligence team was in hot
pursuit of an adversary who was leveraging a Strategic Web Compromise
(SWC) attack using an exploit for an at-the-time unpatched vulnerability
(CVE-2012-4792). This attack was a harbinger of what was to follow
throughout 2013. These attacks, commonly called “watering holes”, do not
rely on social engineering and weaponized documents to victimize their
prey. Instead, sites known to be of interest to the victim are seeded
with exploits leading to droppers intended to implant the system of the
unsuspecting visitor. In Q1 2013, the CrowdStrike Intelligence team
warned our threat intelligence customers of the impending shift in
targeting to this attack scenario. This estimative analysis factored in
many pieces of intelligence that were collected and analyzed by the team
and used to develop indications and warnings.