CrowdStrike has announced the findings of its 2023 Threat Hunting Report offering insights into the evolving landscape of cyber threats and adversary strategies. The report uncovered a surge in identity-based attacks and criminals increasingly targeting cloud environments.
There is also a notable threefold increase in legitimate remote monitoring and management (RMM) tool usage by adversaries, and a record-low adversary breakout time. This is the average time it takes an adversary to move laterally from initial compromise to other hosts in the victim environment. An all-time record has been set - from 84 minutes in 2022 to a new record low of 79 minutes in 2023. Impressively, the swiftest breakout recorded was a brief seven minutes.
The report looked at data from July 2022 to June 2023, and its results emphasize the heightened complexity and sophistication of today's threat landscape. As threat actors are shifting to novel tactics and platforms, it has become critical for security leaders to evaluate whether their solutions can thwart these criminals quickly enough.
Another particularly significant finding in the report is the shift towards leveraging valid credentials to exploit vulnerabilities within cloud systems and software.
There was a striking 83% surge in Kerberoasting identity attacks and showcases a significant uptick in identity-focused breaches. This method enables adversaries to exploit Microsoft Active Directory service accounts to secure valid credentials, often granting them elevated privileges and enabling stealthy presence within targeted environments for extended durations.
There was also a 160% increase in efforts to gather secret keys and other credentials through cloud instance metadata APIs.
Adam Meyers, the head of Counter Adversary Operations at CrowdStrike, underscored the speed at which adversaries are operating and the intentional avoidance of conventional detection methods.
“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”
For organizations, this means staying on top of any evolving tactics and deploying adaptive measures that can work to defend against these sophisticated threats.
Edited by
Greg Tavarez