
IR Team Investigations Uncover eCrime Use of Nation-State Attack Methods

Blog post from CrowdStrike

Post Details
Word Count: 1,940
Language: English
Summary

CrowdStrike Services' 2017 Cyber Intrusion Casebook details the blurring lines between nation-state-sponsored attacks and eCrime, highlighting an increase in fileless attacks and "living off the land" techniques, which involve exploiting native Windows processes and erasing traces to extend undetected presence within systems. A notable case involved the SamSam ransomware, associated with the xDedic darknet forum, where adversaries used brute-force attacks via compromised RDP logins, demonstrating sophisticated threat actor tactics. CrowdStrike's investigation identified the ransomware's persistence mechanisms, halted its spread, and provided tailored security recommendations, such as enforcing Network Level Authentication for RDP and implementing two-factor authentication, to fortify the client's defenses against future cyber threats.