The 2023 CrowdStrike Global Threat Report has revealed a surge in identity-based threats, cloud exploitations, and attacks that re-weaponised previously patched vulnerabilities.

More than seven in 10 (71%) attacks detected were malware-free, up from 62% in 2021, and interactive intrusions (hands-on keyboard activity) increased 50% in 2022, reflecting how sophisticated human adversaries increasingly look to evade anti-virus protection and outsmart machine-only defenses.

The Report also found a 112% year-on-year increase in access broker advertisements on the dark web, illustrating the value of and demand for identity and access credentials in the underground economy. Cloud exploitation grew by 95% and the number of cases involving ‘cloud-conscious’ threat actors nearly tripled year-on-year – evidence that adversaries are increasingly targeting cloud environments.

Spilling over from the end of 2021, Log4Shell continued to ravage the internet, while both known and new vulnerabilities like ProxyNotShell and Follina – just two of the more than 900 vulnerabilities and 30 zero-days Microsoft issued patches for in 2022 – were broadly exploited as nation-nexus and eCrime adversaries circumvented patches and sidestepped mitigations.

eCrime actors are moving beyond ransom payments for monetisation, with a 20% increase in the number of adversaries conducting data theft and extortion campaigns. The average eCrime breakout time is now 84 minutes, down from 98 minutes in 2021, demonstrating the speed at which today’s threat actors operate.

The past 12 months brought a unique combination of threats to the forefront of security, according to CrowdStrike head of intelligence, Adam Meyers.

“Splintered eCrime groups re-emerged with greater sophistication, relentless threat actors sidestepped patched or mitigated vulnerabilities,” he said.

“Today’s threat actors are smarter, more sophisticated and well-resourced than ever before in the history of cybersecurity. Only by understanding their rapidly evolving tradecraft, techniques and objectives – and embracing technology fueled by the latest threat intelligence – can companies remain one step ahead of today’s increasingly relentless adversaries.”