The recent report from CrowdStrike, a computer and network security company, reveals a surge in cyber adversaries using stolen identity credentials to exploit vulnerabilities in cloud environments, enhancing the stealth, velocity, and impact of their attacks.

The report also names disruptions to global elections and the exploitation of generative AI (GenAI) among the expected threats for 2024.

“Over the course of 2023, CrowdStrike observed unprecedented stealthy operations from brazen eCrime groups, sophisticated nation-state actors, and hacktivists targeting businesses in every sector spanning the globe,” said Adam Meyers, head of Counter Adversary Operations, CrowdStrike. “Rapidly evolving adversary tradecraft honed in on both cloud and identity with unheard-of speed, while threat groups continued to experiment with new technologies, like GenAI, to increase the success and tempo of their malicious operations.”

Cloud platforms became prime targets, with adversaries using valid credentials, posing a challenge for defenders striving to discern between normal and malicious user behavior. Overall, cloud intrusions spiked by 75%, with cloud-conscious cases skyrocketing by 110% year-over-year.

Generative AI

In 2023, CrowdStrike observed nation-state actors and hacktivists exploring the potential of GenAI to democratize cyber attacks, making sophisticated operations more accessible. The report underscores the anticipated utilization of GenAI in cyber activities for 2024, as the technology gains traction.

With over 40 democratic elections slated for 2024, nation-state and eCrime adversaries could disrupt electoral processes or manipulate public opinion. According to CrowdStrike, nation-state actors from China, Russia, and Iran are likely to engage in misinformation or disinformation campaigns amidst geopolitical tensions and global elections.

CrowdStrike also found that the pace of cyber assaults is escalating. The report indicates a reduction in the average breakout time to a mere 62 minutes, down from 84 minutes the previous year, with the quickest recorded attack clocking in at 2 minutes and 7 seconds. Once initial access was secured, adversaries took only 31 seconds on average to deploy initial discovery tools in attempts to compromise victims.

Interactive intrusions and hands-on-keyboard activities surged by 60%, with adversaries increasingly leveraging stolen credentials to gain initial access to targeted organizations.

“To defeat relentless adversaries, organizations must embrace a platform-approach, fueled by threat intelligence and hunting, to protect identity, prioritize cloud protection, and give comprehensive visibility into areas of enterprise risk,” Meyers said.
