Crowdstrike report reveals increase in identity attacks

In the wake of increased cyber crime challenges, Crowdstrike’s 2023 report reveals a jump in identity-based cyber intrusions targeting the cloud

Crowdstrike has announced the release of its CrowdStrike 2023 Threat Hunting Report which has revealed a massive increase in identity-based intrusions. The reports cover attack trends and “adversary tradecraft” observed by CrowdStrike’s elite threat hunters and intelligence analysts. 

There has been a significant increase in more sophisticated cyber attacks targeting the cloud, with a spike in remote monitoring and management (RMM) tools, according to the report, with adversary breakout time hitting an all time low.

In the wake of cyber crime becoming increasingly more sophisticated, it is important that businesses consider possible risks and mitigate accordingly.

Significant increase in complex threat actors targeting the cloud

The report comes in the wake of huge safety concerns from within the industry. Business leaders and company surveys have consistently alluded to an impending “cyber crisis” as a result of a growing skills gap within the industry, as well as businesses being faced with more complex cyber attacks.

Key facts
  • 583% increase in Kerberoasting: a growing identity-based attack technique
  • 312% increase in remote monitoring and management exploits
  • 79 minutes average eCrime breakout time, a 5-minute drop from 2022
  • 62% of interactive intrusions involved compromised identities

Overall, Crowdstrike found that 62% of interactive cyber intrusions have involved compromised identities. In particular, there has been a 583% increase in Kerberoasting and 147% increase in broker advertisements on the dark web since 2022, highlighting the growth in end-to-end criminal ecosystems exploiting identity-based attacks.

The company describes Kerberoasting as “a post-exploitation attack technique that attempts to obtain a password hash of an Active Directory account that has a Service Principal Name (“SPN”).”

The report also found that adversary breakout time hit an all time low of 79 minutes, having fallen from 84 minutes in 2022, with the fastest cyber attack breakout time of the year at seven minutes in duration.

In addition, Crowdstrike found that cyber hackers or ‘bad actors’ have increased identity-based attacks. 62% of interactive intrusions involved the abuse of valid accounts, with a 160% increase in attempts to gather secret keys and other credentials via the cloud.

This large jump in volume of intrusion activity appears to target essential industries like the financial services in particular. These are the largest jumps in volume of targeted activity CrowdStrike has observed to date for the financial services industry, surpassing telecommunications as the current second-most targeted sector.

Situations like the hack on Revolut’s digital systems indicate the significance of increased global cyber attacks and how businesses - especially financial organisations - would benefit from investing more into cybersecurity.

“In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. 

“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”

 

******

For more insights into the world of Technology - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - AI Magazine | Technology Magazine.

Please also check out our upcoming event - Sustainability LIVE in London on September 6-7 2023.

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability Leaders, Procurement & Supply Chain Leaders, Technology & AI Leaders, Cyber Leaders, FinTech & InsurTech Leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare + Food & Drink.

BizClik – based in London, Dubai, and New York – offers services such as Content Creation, Advertising & Sponsorship Solutions, Webinars & Events.

Share

Featured Articles

Barracuda: Why Businesses Struggle to Manage Cyber Risk

Barracuda Networks CIO report shows that six in 10 businesses struggle to manage cyber risk, with issues such as policy struggles and management buy-in

Evri, Amazon and Paypal Among Brands Most Used by Scammers

With the development of AI, cybercriminals are becoming more and more sophisticated in their attacks, using fake websites and impersonating popular brands

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Technology & AI

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Cyber Security

Speaker Lineup Announced for Tech Show London 2024

Technology & AI