Blog

CrowdStrike Global Threat Report 2023 - The Findings

Sumit Singh
March 8, 2023
Home

Let's Get STARTED

The latest edition of the CrowdStrike Global Threat Report comes at a critical time for organisations around the world. As businesses have eased pandemic-driven operating environments and adjusted to economic difficulties, cybercriminals have become more sophisticated, relentless, and destructive in their attacks.

The CrowdStrike 2023 Global Threat Report summarises the analysis performed throughout 2022, including an overview of the threat landscape, key trends and findings and recommendations to help businesses respond with a stronger and more proactive defence.

THREAT LANDSCAPE OVERVIEW

In 2022 the cyber threat landscape was defined by increased scope and relentless persistence. CrowdStrike’s report covers themes, trends, and events across the entirety of the cyber landscape, with some of the notable changes including:

  • 84-minute average eCrime breakout time - the time a cybercriminal takes to move laterally from one compromised host to another in an environment reduced from 98 minutes to 84 minutes in 2022.
  • Upsurge of Access Brokers - the popularity of threat actors who acquire access to organisations and sell to other actors increased in 2022, with a 112% rise in advertisements for access identified.
  • Compromised Credentials have become popular - brokers continued to abuse compromised credentials acquired via information stealers or purchased on the criminal underground as a key means of access.
  • Rise in Malware-Free Attacks - cybercriminals continued to move beyond malware to gain initial access, with malware-free activity accounting for 71% of all detections in 2022 (up from 62% in 2021).
  • Speed of Interactive Intrusions - there was a 50% increase in interactivity intrusion campaigns in 2023, with accelerating activity in the latter part of the year. The technology sector was the most frequently targeted vertical.

KEY TRENDS AND FINDINGS

To consolidate the 2022 report, the trends and findings can be unpacked under five key themes:

  1. Cloud Exploitation Skyrocketed - as predicted in last year’s report, cloud exploitation increased in 2022 as more businesses moved their operations to cloud environments and more cybercriminals became able to compromise cloud workloads. Observed cloud exploitation cases grew by 95% and cases involving cloud-conscious actors nearly tripled.
  2. Cybercriminals Re-Weaponised and Re-Exploited Vulnerabilities - threat actors consistently focused on previously established attack vectors in 2022. This involved modifying the same exploit to target other products or identifying potential targets and focusing on known vulnerable components. This was particularly relevant to vulnerabilities in edge devices.
  3. China-Nexus Adversaries Scaled Operations – China-nexus adversaries were observed targeting nearly every industry sector and geographic region in 2022. The attacks were likely intended to collect strategic intelligence, compromise intellectual property, and develop further surveillance of target groups.
  4. High-Profile Attacks Gained Notoriety - two newly named adversaries, SLIPPY SPIDER and SCATTERED SPIDER, targeted high-profile victims and impacted their employees, customers, and partners in 2022. These adversaries are highly skilled and have significant resources to evade takedown and arrest.
  5. Russian Cyber Operations Supported War in Ukraine - the Russia-Ukraine war has seen an unprecedented use of cyber capabilities throughout the military campaign. CrowdStrike observed a range of Russia-nexus activity relating to the conflict, including extensive intelligence collection and information operations to influence public sentiment.

RECOMMENDATIONS FOR YOUR BUSINESS

As adversaries across targeted intrusion, eCrime and hacktivist landscapes continue to operate with relentless determination, it’s vital for your business to strengthen its security posture. The following recommendations from CrowdStrike can assist you in addressing possible vulnerabilities within your business before they can be leveraged by cybercriminals:

  • Gain Visibility Into Security Gaps - you can only protect what you know about. With the rapid increase in cloud migration, many businesses have increased their digital footprint and attack surface with unknown exposed assets. As such, it's vital to gain deep visibility of your assets and understand their risk level to ensure they're protected. External Attack Surface Monitoring (EASM) solutions can help you to identify areas of exposure and close security gaps.
  • Prioritise Identity Protection - traditional endpoint solutions aren’t enough to detect malware-free attacks. Businesses should not only enforce multi-factor authentication (MFA) but look for solutions that extend it into legacy and unmanaged systems and provide immediate detection and real-time prevention of lateral movement and suspicious behaviour.
  • Augment Cloud Protection - with adversaries aggressively targeting cloud infrastructure using a broad array of tools, techniques, and procedures (TTPs), businesses need to implement agentless capabilities that can protect against misconfiguration and identity-based attacks and ensure runtime security.
  • Embrace Threat Intelligence - if you don’t know your adversary, you’re going to be unprepared to battle them, which means that intelligence remains a dominant threat. Industry-leading adversary tracking, malware analysis and threat intelligence can help you to stay informed and ensure you’re one step ahead of your adversaries.
  • Practice, Practice, Practice - technology is one part of the puzzle; people are the other. Security teams are crucial to stop breaches, but to do so, they need to continually be proactive, perform security exercises and eliminate weaknesses in practices and response. In fact, everyone within the business should practise, with user-awareness training fundamental to increasing defence.

PREPARING YOUR DEFENCE FOR 2023

Cybercriminals will continue to operate at a phenomenal rate in 2023, extending their reach using novel techniques as well as continuing to use many techniques observed in 2022. To find out more about what your business can expect, download the 2023 Global Threat Report. Or, if you’d like more information about the CrowdStrike Falcon Platform, get in touch with the team at Infotrust today.