2024 CrowdStrike Threat Hunting Report: Nation-States Exploit Legitimate Credentials to Pose as …
CrowdStrike News Release –
CrowdStrike released its 2024 Threat Hunting Report, which highlights the latest adversary trends, campaigns, and tactics based on intelligence from its threat hunters and analysts.
The report reveals an increase in nation-state and eCrime adversaries exploiting legitimate credentials and identities to evade detection and bypass legacy security controls, as well as a rise in hands-on-keyboard intrusions, cross-domain attacks, and cloud control plane exploits.
Key findings:
1) North Korea-nexus adversaries (FAMOUS CHOLLIMA) posed as legitimate U.S. employees, infiltrating over 100 primarily U.S. technology companies by using falsified or stolen identity documents to gain employment as remote IT personnel.
2) Hands-on-keyboard intrusions increased by 55%, with 86% of these intrusions executed by eCrime adversaries seeking financial gains.
Healthcare saw a 75% increase, while technology remained the most targeted sector for the seventh consecutive year.
3) Remote Monitoring and Management (RMM) tool abuse grew by 70%, with adversaries like CHEF SPIDER (eCrime) and STATIC KITTEN (Iran-nexus) using legitimate tools like ConnectWise ScreenConnect for endpoint exploitation.
RMM tool exploitation accounted for 27% of all hands-on-keyboard intrusions.
4) Cross-domain attacks persist, with threat actors exploiting valid credentials to breach cloud environments and eventually access endpoints, leaving minimal footprints in each domain.
5) Cloud-conscious adversaries like SCATTERED SPIDER (eCrime) target the cloud control plane, leveraging social engineering, policy changes, and password manager access to infiltrate cloud environments and move laterally, maintain persistence, and exfiltrate data.
CrowdStrike’s comprehensive, human-led threat hunting directly informs the algorithms powering their AI-native Falcon platform, ensuring they stay ahead of evolving threats and deliver effective cybersecurity solutions.
Link: https://ir.crowdstrike.com/news-releases/news-release-details/2024-crowdstrike-threat-hunting-report-nation-states-exploit