Emerging threat actors and increasing China-nexus activity drive a surge in identity and cloud threats, an uptick in social engineering, and faster breakout times
AUSTIN, Texas โ February 28, 2023ย โย CrowdStrikeย (Nasdaq: CRWD), today announcedย the release of 2023 CrowdStrikeย Global Threat Reportย โ the ninth annual edition of the cybersecurity leaderโs seminal report on the evolving behaviors, trends and tactics of todayโs most feared nation-state, eCrime and hacktivist threat actors around the world. Now tracking the activities ofย 200+ adversariesย โ including 33 new adversaries identified in the past year alone โ the report found a surge in identity-based threats, cloud exploitations, China-nexus espionage and attacks that re-weaponized previously patched vulnerabilities.
The annual report is created by the world-renownedย CrowdStrike Intelligence team, leveraging data from trillions of daily events fromย the CrowdStrike Falcon platformย and insights fromย CrowdStrike Falcon OverWatch. Key highlights from this yearโs report include:
โย ย ย ย 71% of attacks detected were malware-freeย (up from 62% in 2021) andย interactive intrusions (hands on keyboard activity) increased 50% in 2022ย โ Outlining how sophisticated human adversaries increasingly look to evade antivirus protection and outsmart machine-only defenses.
โย ย ย ย 112% year-over-year increase in access broker advertisements on the dark webย โ Illustrating the value of and demand for identity and access credentials in the underground economy.
โย ย ย ย Cloud exploitation grew by 95%ย and the number of cases involvingย โcloud-consciousโ threat actors nearly tripled year-over-year โย More evidence adversaries are increasingly targeting cloud environments.
โย ย ย ย 33 new adversaries introducedย โ The biggest increase CrowdStrike has ever observed in one year โ including the highly prolificย SCATTERED SPIDERย andย SLIPPY SPIDERย behind many recentย high-profile attacks on telecommunication, BPO, and technology companies.
โย ย ย ย Adversaries are re-weaponizing and re-exploiting vulnerabilitiesย โ Spilling over from the end of 2021, Log4Shell continued to ravage the internet, while both known and new vulnerabilities like ProxyNotShell and Follina โ just two of the more thanย 900 vulnerabilities and 30 zero-days Microsoftย issued patches for in 2022 โ were broadly exploited as nation-nexus and eCrime adversaries circumvented patches and side stepped mitigations.
โย ย ย ย eCrime actors moving beyond ransom payments for monetizationย โ 2022 sawย a 20% increase in the number of adversaries conducting data theft and extortionย campaigns.
โย ย ย ย China-nexus espionage surged across all 39 global industry sectors and 20 geographic regions tracked by CrowdStrike Intelligenceย โ Rise in China-nexus adversary activity shows that organizations across the world and in every vertical must be vigilant against the threat from Beijing.
โย ย ย ย Average eCrime breakout time is now 84 minutesย โ This is down from 98 minutes in 2021, demonstrating the extensive speed of todayโs threat actors.
โย ย ย ย The cyber impact of Russia-Ukraine war was overhyped but not insignificantย โ ย CrowdStrike saw a jump in Russia-nexus adversaries employing intelligence gathering tactics and even fake ransomware, suggesting the Kremlinโs intent to widen targeting sectors and regions where destructive operations are considered politically risky.
โย ย ย ย An uptick in social engineering tactics targeting human interactionsย โ Tactics such as vishing direct victims to download malware and SIM swapping toย circumvent multifactor authentication (MFA).
โThe past 12 months brought a unique combination of threats to the forefront of security. Splintered eCrime groups re-emerged with greater sophistication, relentless threat actors sidestepped patched or mitigated vulnerabilities, and the feared threats of the Russia-Ukraine conflict masked more sinister and successful traction by a growing number of China-nexus adversaries,โ said Adam Meyers, head of intelligence at CrowdStrike. โTodayโs threat actors are smarter, more sophisticated, and more well resourced than they have ever been in the history of cybersecurity. Only by understanding their rapidly evolving tradecraft, techniques and objectives โ and by embracing technology fueled by the latest threat intelligence โ can companies remain one step ahead of todayโs increasingly relentless adversaries.โ
A closer look at some of the new adversaries:
CrowdStrike Intelligence added 33 newly tracked adversaries bringing the total number of known adversaries tracked to more than 200. More than 20 of the new additions were SPIDERS, the CrowdStrike naming convention for eCrime adversaries. Among the newly tracked BEARs (Russia-nexus adversaries),ย GOSSAMER BEARโs credential-phishing operations were highly active throughout the first year of the Russia-Ukraine conflict, targeting government research labs, military suppliers, logistics companies and non-governmental organizations (NGO). CrowdStrike also introduced its first Syria-nexus adversary, DEADEYE HAWK, which was formerly tracked as the hacktivist DEADEYE JACKAL.
The CrowdStrike Intelligence team benefits from an unparalleled raw collection ofย intelligence data, leveraging trillions of security events per day to help stop the most ubiquitous of threats and power theย CrowdStrike Falconยฎ platform. As the platform of consolidation in security, Falcon enables organizations to proactively stop the most sophisticated of threats via its unique combination of endpoint and identity threat protection technology, adversary-driven intelligence and human-led analysis.
Additional Resources:
โย ย ย ย Download theย 2023 CrowdStrike Global Threat Report.
โย ย ย ย Visit CrowdStrikeโsย Adversary Universeย for the internetโs definitive source on adversaries.
โย ย ย ย To learn more about integrating threat intelligence into your security stack with CrowdStrikeโs industry-leading, adversary-focused technology, please visit ourย website.
About CrowdStrike
CrowdStrikeย (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with one of the worldโs most advanced cloud-native platforms for protecting critical areas of enterprise risk โ endpoints and cloud workloads, identity and data.
Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falconยฎ platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.
Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.
CrowdStrike: We stop breaches.
Learn more:ย https://www.crowdstrike.
Follow us:ย Blogย |ย Twitterย |ย LinkedInย
Start a free trial today:ย https://www.
ยฉ 2023 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.
Contact:
Kevin Benacci
CrowdStrike Corporate Communications
press@crowdstrike.com
