CrowdStrike, a leading cybersecurity company, has released its annual Threat Hunting Report for 2023, uncovering a significant rise in identity-based intrusions and a growing focus on targeting the cloud. The report, compiled by CrowdStrike’s expert threat hunters and intelligence analysts, also highlights a threefold increase in adversaries’ use of legitimate remote monitoring and management (RMM) tools, as well as a record low in adversary breakout time.
This is the sixth edition of the report, covering the period between July 2022 and June 2023, and it is now published by CrowdStrike’s newly unveiled Counter Adversary Operations team. The report was officially announced during the Black Hat USA 2023 event.
One of the key findings from the report is the surge in identity-based intrusions. As businesses and individuals increasingly rely on digital platforms and services, threat actors have adapted their tactics accordingly. CrowdStrike’s research sheds light on the importance of identity protection and the need for robust security measures to counter this growing threat.
Another area of concern is the rise in cloud targeting by adversaries. Cloud infrastructure has become a crucial component of many organizations’ operations, making it an attractive target for cybercriminals. CrowdStrike’s report emphasizes the need for advanced cloud security solutions to fend off attacks and protect sensitive data stored in the cloud.
Additionally, the report highlights a worrisome trend of adversaries exploiting legitimate remote monitoring and management tools. These tools play a vital role in providing IT support and assistance, but when misused, they pose serious security risks. Organizations must exercise caution and implement measures to mitigate these risks effectively.
Furthermore, CrowdStrike’s investigators have recorded an alarming decrease in adversary breakout time. Breakout time refers to how quickly an attacker successfully infiltrates a network and gains access to critical systems or data. The report reveals that adversaries have become more proficient and efficient in their operations, necessitating improved detection and response capabilities to combat these swift attacks.
In summary, CrowdStrike’s 2023 Threat Hunting Report draws attention to the increasing prevalence of identity-based intrusions and the escalating focus on targeting cloud environments. The report underlines the urgent need for organizations to prioritize identity protection, enhance cloud security measures, and bolster their defenses against adversaries misusing remote monitoring and management tools. With adversaries continually evolving their tactics and minimizing breakout time, proactive cybersecurity measures and robust threat hunting capabilities are vital to safeguard against increasingly sophisticated attacks.