CrowdStrike Finds Rising Identity-Based Attacks in 2023

CrowdStrike Finds Rising Identity-Based Attacks in 2023

By Stefania Viscusi

CrowdStrike has announced the findings of its 2023 Threat Hunting Report offering insights into the evolving landscape of cyber threats and adversary strategies. The report uncovered a surge in identity-based attacks and criminals increasingly targeting cloud environments.

There is also a notable threefold increase in legitimate remote monitoring and management (RMM) tool usage by adversaries, and a record-low adversary breakout time. This is the average time it takes an adversary to move laterally from initial compromise to other hosts in the victim environment. An all-time record has been set - from 84 minutes in 2022 to a new record low of 79 minutes in 2023. Impressively, the swiftest breakout recorded was a brief seven minutes.

The report looked at data from July 2022 to June 2023, and its results emphasize the heightened complexity and sophistication of today's threat landscape. As threat actors are shifting to novel tactics and platforms, it has become critical for security leaders to evaluate whether their solutions can thwart these criminals quickly enough.

Another particularly significant finding in the report is the shift towards leveraging valid credentials to exploit vulnerabilities within cloud systems and software.

There was a striking 83% surge in Kerberoasting identity attacks and showcases a significant uptick in identity-focused breaches. This method enables adversaries to exploit Microsoft Active Directory service accounts to secure valid credentials, often granting them elevated privileges and enabling stealthy presence within targeted environments for extended durations.

There was also a 160% increase in efforts to gather secret keys and other credentials through cloud instance metadata APIs.

Adam Meyers, the head of Counter Adversary Operations at CrowdStrike, underscored the speed at which adversaries are operating and the intentional avoidance of conventional detection methods.

“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”

For organizations, this means staying on top of any evolving tactics and deploying adaptive measures that can work to defend against these sophisticated threats.

Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Related Articles

ServiceNow Transforms the Employee Experience with Additions to Now Platform

By: Greg Tavarez    5/20/2024

ServiceNow announced the addition of new automation solutions to the Now Platform to transform the employee experience and simplify work across the en…

Read More

ICYMI: News Around the MSP Industry

By: Greg Tavarez    5/17/2024

Here are a few articles compiled into one for readers interested in developments around the MSP space.

Read More

Wildix UK and Ireland Shake Up Leadership for Growth and Innovation

By: Greg Tavarez    5/16/2024

Wildix announced a strategic leadership transition designed to propel the company's market growth.

Read More

Are Resellers Leaving Money on the Table?

By: Special Guest    5/16/2024

The expert and correct installation of network infrastructure and other components is crucial to every IT project's success, adding tangible value by …

Read More

Bitwarden's New Standalone App Makes Two-Factor Authentication Simple

By: Greg Tavarez    5/15/2024

Bitwarden recently launched a standalone app for two-factor authentication to protect online services and applications from unauthorized access.

Read More