Adam Meyers

Senior Vice President of Counter Adversary Operations

Senior Vice President of Counter Adversary Operations Adam Meyers explains how CrowdStrike deals with threats and its research on new attack strategies

The landscape of corporate cybersecurity continues to shift, as threat actors abandon conventional malware attacks in favour of identity-based infiltration. This evolution in tactics presents new challenges for western organisations already grappling with state-sponsored cyber campaigns and increasingly sophisticated criminal groups.

According to research by CrowdStrike, cloud-based intrusions have risen by 75% in the past year, while cyber criminals have increased their use of legitimate remote management tools by 70%. These changes reflect a broader shift in attack methodologies, as adversaries adapt to improved corporate defences and seek new ways to breach company networks.

The transformation coincides with an increase in state-sponsored activities targeting western corporations, particularly from North Korean actors. Their operations have expanded beyond traditional cyber attacks to include the placement of IT workers within aerospace and technology companies, creating insider threats that conventional security measures struggle to detect.

Adam Meyers, Senior Vice President of Counter Adversary Operations (CAO) at CrowdStrike, heads a global team tracking criminal groups, state-sponsored actors and nation-state entities. His division integrates the capabilities of CrowdStrike Falcon Intelligence and Falcon OverWatch managed threat hunting teams with the company's AI-powered Falcon platform to detect and respond to emerging threats.

From political science student to cyber threat response chief

Adam, who joined CrowdStrike as one of its first employees, traces his path to cybersecurity through an unconventional route. After studying political science, he began work as a penetration tester for a defence contractor, where his interest in cyber threats developed.

“This led me to the path of exploit development, but my curiosity led me to reverse engineering,” he explains. The transition to threat hunting came through hands-on experience with cyber criminals. “I was working with a number of researchers tracking various threats when I encountered malware that was being used as a proxy for criminals. I could see the traffic they were generating and the victims they were interacting with and this ignited the passion for hunting down these threat actors and finding out who they were and how to stop them.”

That experience shaped the development of CrowdStrike’s threat response capabilities. From the company's inception, Adam says the focus has remained consistent: “CrowdStrike’s philosophy has been: ‘You don't have a malware problem, you have an adversary problem.’ This guiding principle has shaped our approach to cybersecurity. Instead of merely reacting to threats, we anticipate them, which requires deep intelligence work.”

CrowdStrike builds global network to track emerging threats

The scale of modern cyber threats requires continuous monitoring across multiple time zones. CrowdStrike has structured its operations to provide 24-hour coverage, drawing on intelligence community practices. “The team is built using a lot of lessons learned from the intelligence community over many years in terms of how to track adversaries, produce continuous reporting on those adversaries and adapt the platform to rapidly detect and outpace new threats,” Adam explains.

This approach has evolved to address emerging threat patterns that span traditional security boundaries. “We’ve observed a rise in cross-domain threats, where adversaries operate across multiple attack surfaces – identity, endpoint and cloud. Our team has adapted by connecting the dots between these domains, combining intelligence and telemetry to uncover patterns that would be invisible if viewed in isolation.”

North Korean infiltration campaign targets western aerospace sector

Among the most significant threats identified by Adam’s team is an operation by FAMOUS CHOLLIMA, a North Korea-linked threat actor. The group has infiltrated more than 100 US-based companies, primarily in the aerospace and technology sectors, by placing operatives as remote IT workers.

“They frequently do the minimum amount of work to not get fired and generate incredible amounts of revenue that can be used for North Korea’s weapons programmes,” says Adam. The investigation demonstrates the value of comprehensive monitoring across multiple security domains. “Our threat hunters detected subtle clues because we were simultaneously monitoring multiple domains. In order to catch a human threat actor we need to have visibility and human threat hunters to run down those leads and connect the dots across multiple attack surfaces.”

The nature of cyber attacks has transformed significantly in recent years, according to Adam, with traditional attack vectors giving way to more sophisticated approaches. “A few years ago, phishing emails with malicious attachments were the most common tactic. Today, attackers increasingly rely on identity-based attacks, understanding that many organisations have fortified their technical defences with solutions like endpoint detection and response.”

Identity attacks rise as criminals adopt legitimate tools

The shift extends to the tools used by threat actors. According to CrowdStrike’s 2024 Threat Hunting Report, Remote Monitoring and Management (RMM) tools have seen a 70% increase in malicious usage over the past 12 months as criminals adopt legitimate software to maintain persistence in compromised networks. “These tools are harder for threat hunters to detect and indict as they may be an authorised user conducting system maintenance,” Adam notes.

Cloud-based attacks have risen by 75% in the past year, while interactive intrusions have increased by 55% as criminals move away from automated attacks. “What’s notable is that these intrusions aren't fully automated; human operators actively engage with compromised systems to blend in as legitimate users and bypass security controls to maximise their gains,” he explains.

This evolution in attack methods requires a corresponding change in defence strategies. “Relying solely on reactive measures or traditional defences isn't enough anymore. Threat hunting allows organisations to go out and meet the adversary when they make contact: the closer you can get to the initial intrusion, the faster you can stop the adversary.”

Peak attack periods identified in industry sectors

Analysis by Adam’s team has identified seasonal patterns in cyber criminal activity, with peak periods during the third and fourth quarters. Threat actors have begun targeting edge devices with vulnerabilities, while ransomware operators focus on unmanaged systems and hypervisors.

And looking forward, the emergence of AI and machine learning presents new challenges for cybersecurity teams. 

“One trend we're closely monitoring is the increasing use of AI and machine learning by adversaries,” he notes. “Just as defenders are leveraging these technologies, attackers are too.

“We’re beginning to see threat actors use AI to automate tasks like phishing campaigns and penetration testing. The pace at which adversaries are evolving is unprecedented and organisations must continue to invest in intelligence-driven security.”


Cyber Magazine is a BizClik brand