CrowdStrike Security Report Highlights a Surge in Cloud Threats

Highlights:

• In 2023, the average breakout time—the duration an attacker needs to expand their access from the initial breach point to other network areas—decreased to 62 minutes, compared to 79 minutes recorded in 2022.
• Last year, CrowdStrike noted nation-state actors and hacktivists exploring and attempting to exploit generative AI technology to democratize attacks, thereby reducing the barrier of entry for more sophisticated operations.

The latest CrowdStrike security report cautions of an increase in adversaries utilizing stolen identity credentials to exploit vulnerabilities in cloud environments, aiming to enhance the cyberattack’s speed, scale, and impact.

The 2024 CrowdStrike Global Threat Report, now in its 10th annual edition, examines data from 2023 and highlights the most significant threats anticipated for 2024. Among these concerns is the exploitation of generative artificial intelligence, which is expected to reduce the barrier of entry for launching more sophisticated cyberattacks.

In 2023, CrowdStrike noted a significant surge in attack velocity, characterized by cyberattacks accelerating at an alarming rate, as highlighted in the report. In 2023, the average breakout time—the duration an attacker needs to expand their access from the initial breach point to other network areas—decreased to 62 minutes, compared to 79 minutes recorded in 2022.

The time of the quickest attack documented in 2023 was two minutes and seven seconds. After gaining initial access, an adversary could deploy initial discovery tools to compromise victims in a matter of 31 seconds.

In 2023, there was a rise in stealthy attacks, with adversaries persistently compromising credentials. The CrowdStrike security report highlights a 60% increase in interactive intrusions and hands-on-keyboard activity. Interactive intrusions and hands-on-keyboard activity denote cyber-attacks wherein the attacker directly engages with the compromised system in real-time. This involvement typically includes executing commands, traversing laterally across the network, and adjusting tactics in response to the encountered environment and defenses.

Adversaries favored stolen credentials for accessing the cloud, as evidenced by a significant 75% increase in cloud intrusions last year. Cloud-conscious cases, denoting security incidents or considerations specifically centered on cloud environments, experienced a notable increase of 110% year-over-year.

Any cybersecurity report covering 2023 will likely address generative AI, and the CrowdStrike security report is no exception. However, what makes it intriguing is the identity of the individuals or groups employing this technology. In 2023, CrowdStrike noted nation-state actors and hacktivists exploring and attempting to exploit generative AI technology to democratize attacks, thereby reducing the barrier of entry for more sophisticated operations.

Adam Meyers, CrowdStrike’s Head of Counter Adversary Operations, explains. “Over the course of 2023, CrowdStrike observed unprecedented stealthy operations from brazen eCrime groups, sophisticated nation-state actors, and hacktivists targeting businesses in every sector spanning the globe. Rapidly evolving adversary tradecraft honed in on both cloud and identity with unheard-of speed, while threat groups continued to experiment with new technologies, like gen AI, to increase the success and tempo of their malicious operations.”