The disruption of global elections and exploitation of generative AI are among the biggest threats on the horizon for 2024, lowering the barrier to entry and allowing more sophisticated cyberattacks, according to the 2024 CrowdStrike Global Threat Report.
The report highlights a surge in adversaries leveraging stolen identity credentials to exploit gaps in cloud environments and maximise the stealth, speed and impact of cyberattacks.
Credentials stemming from retail organisations were the second most advertised on the dark web. Access brokers (those who gain access via stolen credentials and then sell that access to other criminals) continued to profit from providing initial access to a variety of e-crime threat actors in 2023, with the number of access advertisements increasing by 20% compared to 2022.
The speed of cyberattacks continues to accelerate at an alarming rate. The report indicates that the average breakout time is down to only 62 minutes from 84 minutes in the previous year, with the fastest recorded attack coming in at 2 minutes and 7 seconds.
The report also notes a sharp increase in interactive intrusions and hands-on-keyboard activity (60%) as adversaries increasingly exploit stolen credentials to gain initial access at targeted organisations. Retail tied for fourth among the sectors most targeted by interactive intrusions, representing 9% of all intrusions globally.
Adversaries turned their sights to the cloud through valid credentials, creating a challenge for defenders looking to differentiate between normal and malicious user behaviour. The report shows cloud intrusions increased 75% overall, with cloud-conscious cases increasing 110% year-over-year.
In 2023, CrowdStrike observed nation-state actors and hacktivists experimenting with and seeking to abuse generative AI to democratise attacks. The report highlights how generative AI will likely be used for cyber activities in 2024 as the technology continues to gain popularity.
With more than 40 democratic elections scheduled in 2024, nation-state and e-crime adversaries will have numerous opportunities to disrupt the electoral process or sway voter opinion. Nation-state actors from China, Russia and Iran are highly likely to conduct mis- or disinformation operations to sow disruption against the backdrop of geoconflicts and global elections.
“Over the course of 2023, CrowdStrike observed unprecedented stealthy operations from brazen e-crime groups, sophisticated nation-state actors and hacktivists targeting businesses in every sector spanning the globe,” CrowdStrike head of counter adversary operations, Adam Meyers, said.
“Rapidly evolving adversary tradecraft honed in on both cloud and identity with unheard-of speed, while threat groups continued to experiment with new technologies, like GenAI, to increase the success and tempo of their malicious operations.
“To defeat relentless adversaries, organisations must embrace a platform approach, fueled by threat intelligence and hunting, to protect identity, prioritize cloud protection, and give comprehensive visibility into areas of enterprise risk.”