The latest edition of the CrowdStrike Global Threat Report[1] comes at an important time for protectors around the world. As organizations focus on managing remote and hybrid teams, operationalizing years of digital transformation and navigating an uncertain global economy, adversaries have become more sophisticated, relentless and damaging in their attacks. As a result, a number of disruptive trends emerged in 2022 that threaten productivity and global stability.
The year started ominously as Russia’s deadly war of aggression in Ukraine brought about a terrible human toll, threatened international order and put countless global organizations at risk of spillover cyberattacks. At the same time, China state-nexus adversaries ramped up their cyber espionage campaigns, and Iranian actors launched destructive “lock-and-leak” operations using ransomware.
These growing nation-state attacks coincided with organizations struggling to manage an explosive landscape of vulnerabilities that amplified systemic risk. The constant disclosure of vulnerabilities affecting legacy infrastructure like Microsoft Active Directory continued to burden security teams and present an open door to attackers, while the ubiquitous Log4Shell vulnerability ushered in a new era of “vulnerability rediscovery,” during which adversaries modify or reapply the same exploit to target other similarly vulnerable products. Even our wins on the security front were tempered by the adversaries’ ability to adapt. Collaboration between the government and private sector dramatically improved, resulting in the arrest and dismantling of some of the world’s most notorious ransomware gangs — only to see splinter groups recalibrate and flourish.
Stopping breaches requires an understanding of the adversary, including their motivations, techniques and how they’re going to target your organization. Developed based on the firsthand observations of our elite cyber responders and analysts, CrowdStrike’s annual Global Threat Report provides this actionable intelligence to protectors around the world.
Last year, CrowdStrike’s Global Threat Report highlighted that 80% of cyberattacks leveraged identity-based techniques to compromise legitimate credentials and try to evade detection. This year, the report shows adversaries are doubling down on stolen credentials, with a 112% year-over-year increase in advertisements for access-broker services identified in the criminal underground. Organizations armed with this knowledge last year were able to harden their defenses and stay a step ahead of the adversary.
Other details and insight you’ll learn from this year’s report include:
- How a new, emerging class of eCrime threat actors is using fileless attacks to
- target high-profile organizations with devastating campaigns.
- Why identity protection continues to be a core requirement for risk mitigation as adversaries ramp up attacks on multifactor authentication.
- Why adversaries are accelerating cloud exploitation and the tactics they’re using to compromise cloud infrastructure.
- How adversaries have created a new “state of the art” for vulnerability exploitation to sidestep patches and why the industry needs to demand more secure software
These are just a few of the critical takeaways from this year’s report that will help you improve your business resilience and harden your security posture. The report shows that security must parallel the slope of technology innovation. As technology matures, security has to mature and match the innovation of the technology running our organizations. The same thing can be said for the adversary. With every innovation we achieve, we can expect the adversary to actively seek ways to exploit it.
From the cloud to Kubernetes, from AI to applications and more, as technology gets more complex and provides tremendous operational gains, security must evolve to protect the productivity we gain.
Security starts with knowledge — of the adversaries targeting us, their tactics and the vulnerabilities they’ll seek to exploit. With that knowledge comes resolve, that together we can prevail. From: George Kurtz, CrowdStrike CEO and Co-Founder.
Link to full report: CrowdStrike2023GlobalThreatReport.pdf
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] Permission to share 03 11 2023
Comments