CrowdStrike Global Threat Report 2023 - The Findings

The latest edition of the CrowdStrike Global Threat Report comes at a critical time for organisations around the world. As businesses have moved on from pandemic-driven operating environments and adjusted to economic difficulties, cybercriminals have become more sophisticated, relentless, and destructive in their attacks.

The CrowdStrike 2023 Global Threat Report summarises the analysis performed throughout 2022, including an overview of the threat landscape, key trends and findings and recommendations to help businesses respond with a stronger and more proactive defence.

Threat Landscape Overview

In 2022 the cyber threat landscape was defined by increased scope and relentless persistence. CrowdStrike’s report covers themes, trends, and events across the entirety of the cyber landscape, with some of the notable changes including:

  • 84-minute average eCrime breakout time - the time a cybercriminal takes to move laterally from one compromised host to another in an environment fell from 98 minutes to 84 minutes in 2022.
  • Upsurge of Access Brokers - the popularity of threat actors who acquire access to organisations and sell to other actors increased in 2022, with a 112% rise in advertisements for access identified. 
  • Compromised Credentials have become popular - brokers continued to abuse compromised credentials acquired via information stealers or purchased on the criminal underground as a key means of access. 
  • Rise in Malware-Free Attacks - cybercriminals continued to move beyond malware to gain initial access, with malware-free activity accounting for 71% of all detections in 2022 (up from 62% in 2021).
  • Speed of Interactive Intrusions - there was a 50% increase in interactive intrusion campaigns in 2023, with accelerating activity in the latter part of the year. The technology sector was the most frequently targeted vertical. 

Key Trends and Findings

To summarise the 2022 report, the trends and findings can be unpacked under five key themes:

  1. Cloud Exploitation Skyrocketed - as predicted in last year’s report, cloud exploitation increased in 2022 as more businesses moved their operations to cloud environments and more cybercriminals became able to compromise cloud workloads. Observed cloud exploitation cases grew by 95% and cases involving cloud-conscious actors nearly tripled.
  2. Cybercriminals Re-Weaponised and Re-Exploited Vulnerabilities - threat actors consistently focused on previously established attack vectors in 2022. This involved modifying the same exploit to target other products or identifying potential targets and focusing on known vulnerable components. This was particularly relevant to vulnerabilities in edge devices. 
  3. China-Nexus Adversaries Scaled Operations – China-nexus adversaries were observed targeting nearly every industry sector and geographic region in 2022. The attacks were likely intended to collect strategic intelligence, compromise intellectual property, and develop further surveillance of target groups. 
  4. High-Profile Attacks Gained Notoriety - two newly named adversaries, SLIPPY SPIDER and SCATTERED SPIDER, targeted high-profile victims and impacted their employees, customers, and partners in 2022. These adversaries are highly skilled and have significant resources to evade takedown and arrest. 
  5. Russian Cyber Operations Supported War in Ukraine - the Russia-Ukraine war has seen an unprecedented use of cyber capabilities throughout the military campaign. CrowdStrike observed a range of Russia-nexus activity relating to the conflict, including extensive intelligence collection and information operations to influence public sentiment. 

Recommendations for Your Business

As adversaries across targeted intrusion, eCrime and hacktivist landscapes continue to operate with relentless determination, it’s vital for your business to strengthen its security posture. The following recommendations from CrowdStrike can assist you in addressing possible vulnerabilities within your business before they can be leveraged by cybercriminals:

  • Gain Visibility Into Security Gaps - you can only protect what you know about. With the rapid increase in cloud migration, many businesses have increased their digital footprint and attack surface with unknown exposed assets. As such, it's vital to gain deep visibility of your assets and understand their risk level to ensure they're protected. External Attack Surface Monitoring (EASM) solutions can help you to identify areas of exposure and close security gaps. 
  • Prioritise Identity Protection - traditional endpoint solutions aren’t enough to detect malware-free attacks. Businesses should not only enforce multi-factor authentication (MFA) but look for solutions that extend it into legacy and unmanaged systems and provide immediate detection and real-time prevention of lateral movement and suspicious behaviour. 
  • Augment Cloud Protection - with adversaries aggressively targeting cloud infrastructure using a broad array of tools, techniques, and procedures (TTPs), businesses need to implement agentless capabilities that can protect against misconfiguration and identity-based attacks and ensure runtime security. 
  • Embrace Threat Intelligence - if you don’t know your adversary, you’re going to be unprepared to battle them, which is why threat intelligence remains a decisive factor in defence. Industry-leading adversary tracking, malware analysis and threat intelligence can help you to stay informed and ensure you’re one step ahead of your adversaries.
  • Practice, Practice, Practice - technology is one part of the puzzle; people are the other. Security teams are crucial to stop breaches, but to do so, they need to continually be proactive, perform security exercises and eliminate weaknesses in practices and response. In fact, everyone within the business should practise, with user-awareness training fundamental to increasing defence. 

Preparing Your Defence for 2023

Cybercriminals will continue to operate at a phenomenal rate in 2023, extending their reach using novel techniques as well as continuing to use many techniques observed in 2022. To find out more about what your business can expect, download the 2023 Global Threat Report. Or, if you’d like more information about the CrowdStrike Falcon Platform, get in touch with the team at InfoTrust today. 