CrowdStrike 2023 Threat Hunting Report Reveals Identity-Based Attacks and Hands-on-Keyboard Acti…

– wallstreet-online.de
CrowdStrike has released its 2023 Threat Hunting Report, which reveals significant trends in cyber attacks. The report, based on data collected between July 2022 and June 2023, highlights a substantial increase in identity-based intrusions, the growing use of legitimate remote monitoring and management (RMM) tools by adversaries, and a record low in adversary breakout time.

Key findings from the report include:

– A 583% increase in identity attacks using Kerberoasting techniques, resulting in valid credentials being obtained for Microsoft Active Directory service accounts. This allows adversaries to remain undetected and gain higher privileges in victim environments.
– A 312% YoY increase in adversaries leveraging RMM tools, such as remote IT management applications, to evade detection and gain access to sensitive data or deploy ransomware.
– Adversary breakout time has reached an all-time low of 79 minutes, with the fastest breakout time recorded at just seven minutes. This indicates adversaries are becoming faster at moving laterally within compromised environments.
– The financial industry experienced an 80% YoY increase in interactive intrusions, which involve direct keyboard activity by threat actors.
– Access Broker advertisements on criminal or underground communities increased by 147%, providing easy access to valid accounts for eCrime actors and helping established adversaries improve their tactics.
– A threefold increase in the use of the Linux privilege-escalation tool linPEAS by adversaries targeting cloud environments, allowing them to exploit metadata, network attributes, and credentials.

Adam Meyers, head of Counter Adversary Operations at CrowdStrike, emphasized the complexity and depth of the evolving threat landscape. Security leaders are urged to assess whether their teams have the necessary solutions to respond swiftly to lateral movement by adversaries within just minutes.
These insights provide valuable information on the current state of cyber threats and can help organizations develop better defense strategies to protect their networks and data.
Link: https://bit.ly/45cOyGO

