CrowdStrike Global Threat Report 2024 - The Findings

CrowdStrike has announced the release of its 2024 Global Threat Report, the company's annual report dedicated to highlighting emerging and continuing cyber security threats. This year's report covers the tactics and techniques used to exploit gaps in cloud protection, the continued exploitation of stolen identity credentials, the growing menace of supply chain attacks and the potential for advanced technologies and global elections to disrupt the threat landscape. The report also offers practical recommendations to help protect your business in the coming year. With the threat level rising higher than ever, it's vital to be aware of the existing and upcoming threats and put the necessary measures in place to protect your business in 2024 and beyond.

THREAT LANDSCAPE OVERVIEW

The 2024 edition of the CrowdStrike Global Threat Report has arrived at a pivotal moment for cyber security professionals. While the speed and ferocity of cyberattacks continue to accelerate, the rise of generative AI has the potential to lower the barrier of entry for adversaries. Trends such as this are driving a change in the security landscape, where a 'good enough' approach will no longer be sufficient to counter modern threats.    

The threat landscape can be summarised by the following key statistics from the report:              

• 34 new adversaries were tracked by CrowdStrike, raising the total to 232
• Cloud-conscious cases increased by 110% year on year
• Cloud environment intrusions increased by 75% year-on-year
• 76% year-on-year increase in victims named on eCrime dedicated leak sites
• 84% of adversary-attributed cloud-conscious intrusions were focused on e-Crime

2024 THEMES AND TRENDS

To consolidate the report, the findings can be unpacked into four main trends:

1. Identity-Based and Social Engineering Attacks
                                         
Throughout 2023, adversaries from various motivations and regions persistently employed phishing tactics to imitate legitimate users, aiming at genuine accounts and crucial authentication data. CrowdStrike noted a trend where adversaries expanded their scope beyond stealing mere account credentials, targeting a range of valuable assets, including API keys, secrets, session cookies, tokens, one-time passwords (OTPs), and Kerberos tickets.

2. Evolving Cloud Threats

As global cloud adoption continues to surge, adversaries are seizing the opportunity, turning the cloud into a central focus for their operations. Cloud-aware adversaries, notably eCrime actors, are leveraging valid credentials to infiltrate victims' cloud infrastructures, deploying legitimate tools to carry out their attacks and blurring the lines between regular user actions and security breaches.

3. Increasing Third-Party Risk

In 2023, targeted intrusion actors continued exploiting trusted relationships to infiltrate organisations worldwide. These attacks exploit vendor-client connections, using two main tactics: compromising the software supply chain and leveraging access to IT service providers. The motivation behind the increase in third-party exploits is the significant potential for return on investment (ROI). One compromise can quickly cascade into numerous follow-on targets, enabling adversaries to exploit even the most secure end targets effectively.

4. Potential Threats Emerging in 2024

As organisations prepare for potential threats in 2024, two major disruptive forces are taking centre stage:

• Generative AI - the boom in accessible generative AI technology has raised concerns as adversaries seize its potential for malicious purposes. This democratisation of computing power could fuel their operations and potentially lower the barrier to entry for less skilled attackers. Two key risk areas are the development of malicious tools and scripts and the enhancement of social engineering and information operations through tailored content creation and manipulation.
• Global Government Elections - 2024's international elections present a unique threat landscape. With over 42% of the global population participating in elections across 55 countries, including major powers like India and the US, attackers have ample opportunity to disrupt these critical events. This year's geopolitical tensions further heighten the risk, with elections unfolding in Taiwan and Russia.

CROWDSTRIKE'S RECOMMENDATIONS

CrowdStrike's recommendations can help you address possible vulnerabilities within your business before they can be leveraged by cybercriminals. To strengthen your security posture, CrowdStrike advises a focus on the following key areas:

• Make Identity Protection  Mandatory - you should implement robust multi-factor authentication, educate employees on social engineering tactics, and monitor all environments for suspicious activity to prevent adversaries from exploiting stolen credentials and achieving swift access.
• Prioritise Cloud-Native Application Protection Platforms (CNAPPs) - CNAPPs offer a unified platform to streamline security monitoring, threat detection, and response across your cloud environment. Opt for a CNAPP that provides pre-runtime, runtime, and agentless protection for comprehensive coverage.
• Adopt a Unified Security Platform - consolidate your identity, cloud, endpoint, and data protection telemetry into a single, AI-powered security platform. This unified view empowers you to identify and respond to breaches swiftly and efficiently, saving time and resources.
• Enhance Threat Detection, Investigation, and Response - explore faster, cloud-based platforms that leverage artificial intelligence (AI) for threat detection, investigation, and response. These next-generation platforms offer improved efficiency and visibility compared to legacy SIEMs. Alternatively, consider 24/7 managed detection and response (MDR) services for continuous monitoring and response.
• Create a Culture of Security - implement user awareness programs to combat phishing and social engineering. Additionally, foster a culture of security within your team by conducting regular tabletop exercises and red/blue teaming to identify vulnerabilities and continuously improve your cyber security posture.

PROTECTING YOUR BUSINESS IN 2024 AND BEYOND

CrowdStrike's report highlights the evolving landscape of threats facing organisations worldwide. As we navigate these challenges, businesses must stay vigilant and proactively safeguard their assets. To learn more about the specific threats outlined in the report and how to protect your business in 2024 and beyond, download the CrowdStrike Global Threat Report today.

‍