In its most recent report, cybersecurity firm CrowdStrike disclosed a significant surge in identity-based breaches. To be more precise, it documented a staggering 583% upsurge in Kerberoasting identity attacks, marking an almost sixfold year-over-year (YoY) growth.

The Kerberoasting attack entails threat actors stealing valid credentials for Microsoft Active Directory service accounts, granting them privileged access while staying unnoticed.

“Overall, 62% of all interactive intrusions involved the abuse of valid accounts, while there was a 160% increase in attempts to gather secret keys and other credentials via cloud instance metadata APIs,” the company said in a media release.

CrowdStrike expands third-party integrations across key security domains
CrowdStrike detects 1 cyber intrusion every 7 minutes

Details of the report were based on CrowdStrike’s surveillance between July 2022 and June 2023. 

“In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” said Adam Meyers, head of Counter Adversary Operations at CrowdStrike.

Breakout time falls further

CrowdStrike also observed that threat actors are able to reduce the time they execute their attacks. From 84 minutes in 2022, they can now move laterally from initial compromise to other hosts in the victim environment to 79 minutes in 2023. The cybersecurity solutions company noted that the fastest breakout time of the year was recorded at just seven minutes.

The financial industry remains the most attacked in CrowdStrike’s monitoring posting an 80% YoY increase in interactive intrusions, or intrusions that use hands-on keyboard activity. Interactive intrusions were up 40% overall, according to the report.

“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods,” Meyers said. “Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”