September 9, 2021
Cyber-related security events across all industry verticals have been steadily increasing year over year and have reached alarming levels since the start of the COVID-19 pandemic.
Ankura was chosen to be among 83 cybersecurity firms to contribute high-confidence, actionable intelligence for the 2021 Verizon Data Breach Investigations Report (DBIR). Other contributors include U.S. Secret Service, Recorded Future, Dragos, Inc., Akamai Technologies, Chubb, and Rapid7.
This report provides an annual analysis of security incidents and data breaches, broken down by sector, and provides insight and metrics compiled across both the public and private sectors.
“Cybersecurity professionals across all disciplines can use this information to better serve their organizations and clients by providing actionable advice based on real world data patterns and trends. Data breach coaches can also use this information to provide up to date and tailored legal advice based upon the end-user client’s specific scenario.” Bob Olsen – Global Head, Cybersecurity and Data Privacy.
Reports such as the Verizon DBIR are beneficial for both global and regional law firms as they typically include strategic as well as technical information and metrics associated with a broad range of cyber-attacks and campaigns. For example, the reader could gain a better understanding of which industry verticals are being increasingly targeted by specific ransomware threat groups or how many nation state threat groups are leveraging specific third-party software tools as an initial attack vector. These types of reports also provide deeper technical analysis if additional context is desired. The reader would also be able to find which internet service providers or domain hosting providers are most likely to be leveraged by an attacker during a business email compromise (BEC) or which backdoors are favored by specific nation states.
CTAPT compiles unique and attributable indicators of compromise (IOCs) for each incident response matter worked by the Ankura Incident Response team, as well as for intelligence investigations pursued by CTAPT, and then organizes them in our internal repository by associated threat group, malware variant, and/or campaign. These IOCs are then enriched using third-party services to proactively enumerate additional infrastructure that is likely controlled by the adversary. This collection and enrichment process has led to Ankura being able to monitor close to two million unique IOCs attributed to a wide range of threat groups engaged in both espionage and financially motivated campaigns.
In support of the 2021 Verizon DBIR, CTAPT conducted a number of queries within our repository and compiled several thousand high-confidence, attributable indicators, which were then enriched with additional data points prior to being disseminated to Verizon. Metrics such as the size and industry of the victim, initial vector of compromise, number of compromised endpoints, and motive were added to the identified IOCs. Additional phases of the “Cyber Kill Chain” were also addressed, including identified payloads, method and amount of data exfiltration, command and control (C2) nodes, and method of established network foothold, as well as other tactics, techniques, and procedures (TTPs). Altogether, CTAPT provided curated intelligence related to close to one hundred IR and intelligence matters attributed to ransomware, espionage, or other financially motivated actors worked by Ankura cybersecurity teams during 2020.
“Leaders at every level need to understand technology and the benefits and risks it poses to their organizations. The 2021 Verizon Data Breach Investigations Report (DBIR) does an extraordinary job capturing many of these risks, and Ankura’s inclusion on the DBIR team is testament to the quality of work and collaboration our team brings to every engagement, every day.” – Honorable Patrick J. Murphy, Former AmLaw100 partner, the 32nd Under Secretary of the Army, Commissioner on the U.S. Cyberspace Solarium Commission, and a Senior Managing Director in Ankura’s Cybersecurity and Data Privacy practice.
CTAPT has been actively working dozens of matters attributed to espionage groups as well as financially motivated actors since the beginning of 2021 and is looking forward to supporting new clients throughout the remainder of the year. As a result, Ankura will be ready to support the 2022 Verizon DBIR as well as other collaborative cyber threat intelligence products.