CrowdStrike has announced the release of 2023 CrowdStrike Global Threat Report – the ninth annual edition of the cybersecurity leader’s seminal report on the evolving behaviors, trends and tactics of today’s most feared nation-state, eCrime and hacktivist threat actors around the world. Now tracking the activities of 200+ adversaries – including 33 new adversaries identified in the past year alone – the report found a surge in identity-based threats, cloud exploitations, China-nexus espionage and attacks that re-weaponized previously patched vulnerabilities.
The annual report is created by the world-renowned CrowdStrike Intelligence team, leveraging data from trillions of daily events from the CrowdStrike Falcon platform and insights from CrowdStrike Falcon OverWatch. Key highlights from this year’s report include:
- 71% of attacks detected were malware-free (up from 62% in 2021) and interactive intrusions (hands on keyboard activity) increased 50% in 2022 – Outlining how sophisticated human adversaries increasingly look to evade antivirus protection and outsmart machine-only defenses.
- 112% year-over-year increase in access broker advertisements on the dark web – Illustrating the value of and demand for identity and access credentials in the underground economy.
- Cloud exploitation grew by 95% and the number of cases involving ‘cloud conscious’ threat actors nearly tripled year-over-year – More evidence adversaries are increasingly targeting cloud environments.
- 33 new adversaries introduced – The biggest increase CrowdStrike has ever observed in one year -including the highly prolific SCATTERED SPIDER and SLIPPY SPIDER behind many recent high-profile attacks on telecommunication, BPO, and technology companies.
- Adversaries are re-weaponizing and re-exploiting vulnerabilities – Spilling over from the end of 2021, Log4Shell continued to ravage the internet, while both known and new vulnerabilities like ProxyNotShell and Follina – just two of the more than 900 vulnerabilities and 30 zero-days Microsoft issued patches for in 2022 – were broadly exploited as nation-nexus and eCrime adversaries circumvented patches and side stepped mitigations.
- eCrime actors moving beyond ransom payments for monetization – 2022 saw a 20% increase in the number of adversaries conducting data theft and extortion campaigns.
- China-nexus espionage surged across all 39 global industry sectors and 20 geographic regions tracked by CrowdStrike Intelligence – Rise in China-nexus adversary activity shows that organizations across the world and in every vertical must be vigilant against the threat from Beijing.
- Average eCrime breakout time is now 84 minutes – This is down from 98 minutes in 2021, demonstrating the extensive speed of today’s threat actors.
- The cyber impact of Russia-Ukraine war was overhyped but not insignificant – CrowdStrike saw a jump in Russia-nexus adversaries employing intelligence gathering tactics and even fake ransomware, suggesting the Kremlin’s intent to widen targeting sectors and regions where destructive operations are considered politically risky.
- An uptick in social engineering tactics targeting human interactions – Tactics such as vishing direct victims to download malware and SIM swapping to circumvent multifactor authentication (MFA).
“The past 12 months brought a unique combination of threats to the forefront of security. Splintered eCrime groups re-emerged with greater sophistication, relentless threat actors sidestepped patched or mitigated vulnerabilities, and the feared threats of the Russia-Ukraine conflict masked more sinister and successful traction by a growing number of China-nexus adversaries,” said Adam Meyers, head of intelligence at CrowdStrike. “Today’s threat actors are smarter, more sophisticated, and more well-resourced than they have ever been in the history of cybersecurity. Only by understanding their rapidly evolving tradecraft, techniques and objectives – and by embracing technology fueled by the latest threat intelligence – can companies remain one step ahead of today’s increasingly relentless adversaries.”