Crowdstrike report reveals increase in identity attacks

The report comes in the wake of huge safety concerns from within the industry
In the wake of increased cyber crime challenges, Crowdstrike’s 2023 report reveals a jump in identity-based cyber intrusions targeting the cloud

Crowdstrike has announced the release of its CrowdStrike 2023 Threat Hunting Report which has revealed a massive increase in identity-based intrusions. The reports cover attack trends and “adversary tradecraft” observed by CrowdStrike’s elite threat hunters and intelligence analysts. 

There has been a significant increase in more sophisticated cyber attacks targeting the cloud, with a spike in remote monitoring and management (RMM) tools, according to the report, with adversary breakout time hitting an all time low.

In the wake of cyber crime becoming increasingly more sophisticated, it is important that businesses consider possible risks and mitigate accordingly.

Significant increase in complex threat actors targeting the cloud

The report comes in the wake of huge safety concerns from within the industry. Business leaders and company surveys have consistently alluded to an impending “cyber crisis” as a result of a growing skills gap within the industry, as well as businesses being faced with more complex cyber attacks.

Key facts
  • 583% increase in Kerberoasting: a growing identity-based attack technique
  • 312% increase in remote monitoring and management exploits
  • 79 minutes average eCrime breakout time, a 5-minute drop from 2022
  • 62% of interactive intrusions involved compromised identities

Overall, Crowdstrike found that 62% of interactive cyber intrusions have involved compromised identities. In particular, there has been a 583% increase in Kerberoasting and 147% increase in broker advertisements on the dark web since 2022, highlighting the growth in end-to-end criminal ecosystems exploiting identity-based attacks.

The company describes Kerberoasting as “a post-exploitation attack technique that attempts to obtain a password hash of an Active Directory account that has a Service Principal Name (“SPN”).”

The report also found that adversary breakout time hit an all time low of 79 minutes, having fallen from 84 minutes in 2022, with the fastest cyber attack breakout time of the year at seven minutes in duration.

In addition, Crowdstrike found that cyber hackers or ‘bad actors’ have increased identity-based attacks. 62% of interactive intrusions involved the abuse of valid accounts, with a 160% increase in attempts to gather secret keys and other credentials via the cloud.

This large jump in volume of intrusion activity appears to target essential industries like the financial services in particular. These are the largest jumps in volume of targeted activity CrowdStrike has observed to date for the financial services industry, surpassing telecommunications as the current second-most targeted sector.

Situations like the hack on Revolut’s digital systems indicate the significance of increased global cyber attacks and how businesses - especially financial organisations - would benefit from investing more into cybersecurity.

“In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. 

“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”

 

******

For more insights into the world of Technology - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - AI Magazine | Technology Magazine.

Please also check out our upcoming event - Sustainability LIVE in London on September 6-7 2023.

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability Leaders, Procurement & Supply Chain Leaders, Technology & AI Leaders, Cyber Leaders, FinTech & InsurTech Leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare + Food & Drink.

BizClik – based in London, Dubai, and New York – offers services such as Content Creation, Advertising & Sponsorship Solutions, Webinars & Events.

Share

Featured Articles

Gary Merrill: Who Is Commvault’s First-Ever CCO?

Experiencing a period of rapid growth, Commvault have created the new position of CCO and given it to company veteran and former CFO Gary Merrill to lead

Xalient's Stephen Amstutz on Need for Cyber Staff Wellness

Stephen Amstutz, Director of Innovation at Xalient explains why cyber staff are getting stressed and what can be done to help

Worldwide IT Outage Not Cyber Attack - But Software Update

The global IT outage that is being described as one of the biggest ever is thankfully not being attributed to a cyber attack, but rather a software update

Companies Across Cyber Sphere Warn of Surge in DDoS attacks

Cyber Security

UK Takes Steps to Strengthen Country's Cyber Security

Cyber Security

BlueVoyant Launch Platform to Tackle Supplier Attack Surface

Operational Security