2nd Edition

Tracking the trends and news for IT and IT Security

Paul

CrowdStrike 2023 Global Threat Report: Resilient Businesses Fight Relentless Adversaries

0223_04_GTR-2023_Blog_1060x698_ALT.jpg CrowdStrike 2023 Global Threat Report: Resilient Businesses Fight Relentless Adversaries>
CrowdStrike Blog – George Kurtz
The CrowdStrike 2023 Global Threat Report, among the most trusted and comprehensive research on the modern threat landscape, explores the most significant security events and trends of the previous year, as well as the adversaries driving this activity.

Nation-state activity was front and center throughout 2022. China state-nexus adversaries accelerated their cyber espionage campaigns throughout the year, and Iranian actors launched destructive “lock-and-leak” operations using ransomware.

Adversaries continued to adapt and refine their techniques, which included re-weaponizing vulnerabilities, a greater focus on cloud exploitation and a rise in malware-free attacks CrowdStrike Intelligence identified a significant increase in access broker activity throughout 2022, with more than 2,500 advertisements identified — a 112% jump from 2021. Cloud exploitation skyrocketed: Last year’s Global Threat Report anticipated a rise in cloud exploitation, a trend that unfolded as expected in 2022. Cloud exploitation cases grew by 95% last year, and incidents involving cloud-conscious threat actors nearly tripled from 2021. The cloud continues to evolve as the new battleground as adversaries increasingly target cloud environments. Malware-free attacks continued to rise: Sophisticated adversaries relentlessly searched for new ways to evade antivirus protection and outsmart machine-only defenses. Seventy-one percent of attacks detected were malware-free, while interactive intrusions (hands-on-keyboard activity) increased 50% in 2022. Adversaries re-weaponized and re-exploited vulnerabilities: The constant disclosure of vulnerabilities affecting legacy infrastructure like Microsoft Active Directory continued to burden security teams and present an open door to attackers, while the ubiquitous Log4Shell vulnerability ushered in a new era of “vulnerability rediscovery,” during which adversaries modify or reapply the same exploit to target other similarly vulnerable products. China-nexus adversaries scaled operations: CrowdStrike Intelligence tracks China-nexus adversaries as the most active targeted intrusion groups. China-nexus adversaries, and actors using TTPs consistent with them, were observed targeting nearly all 39 global industry sectors and 20 geographic regions we track. These intrusions are likely intended to collect strategic intelligence, compromise intellectual property and further the surveillance of targeted groups.
Link: https://www.crowdstrike.com/blog/global-threat-report-preview-2023/

Categories:

Tags: