Intelligent CIO APAC Issue 38 | Page 29

INFOGRAPHIC
The rise in global attacks on financial service firms was driven, in part, by an uptick in activity originating from North Korea.
The intelligence is outlined in the CrowdStrike 2023 Threat Hunting Report.
The company’s sixth annual edition of the report, which covers attack trends and adversary tradecraft observed by CrowdStrike’s threat hunters and intelligence analysts, exposes a massive increase in identity-based intrusions, growing expertise by adversaries targeting the cloud, a 3x spike in adversary use of legitimate remote monitoring and management (RMM) tools and a record low in adversary breakout time.
Covering adversary activity between July 2022 and June 2023, the report is the first to be published by CrowdStrike’s newly unveiled Counter Adversary Operations team, which was officially announced at Black Hat USA 2023.
Key findings from the report include:
• Within the APJ region, technology companies were the most targeted, attracting 26% of all attacks, with telco (12%), retail (11%), financial services (8%) and manufacturing (7%) making up the rest of the top five.
• Chinese adversaries showed a strong interest in regional APJ targets, targeting 14 different industry types, compared to only 6 in the Americas and 2 in EMEA.
• Adversary breakout time hits an all-time low of 79 minutes: The average time it takes an adversary to move laterally from initial compromise to other hosts in the victim environment fell from the previous all-time low of 84 minutes in 2022 to a record 79 minutes in 2023. Additionally, the fastest breakout time of the year was recorded at just seven minutes.
• The financial industry saw a stunning 80% YoY increase in interactive intrusions: Defined as intrusions that use hands-on keyboard activity, interactive intrusions were up 40% overall.
• Access Broker advertisements increase by 147% on criminal or underground communities: Ready access to valid accounts for sale lowers the barrier to entry for eCrime actors looking to conduct criminal operations and allows established adversaries to hone their post-exploitation tradecraft to achieve their objectives with more efficiency.
“In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” said Adam Meyers, head of Counter Adversary Operations, CrowdStrike.
“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”