
Insights from CrowdStrike's 2023 Threat Report

By Valente Aguilar

As we move into the digital age, the cybersecurity threat landscape continually evolves, presenting new challenges and risks for organizations around the world. Cybercriminals are becoming more sophisticated and creative in their attacks, and businesses must remain vigilant and adaptable to defend against these threats. CrowdStrike's 2023 threat report offers valuable insights into the latest cybersecurity threats, trends, and best practices. In this article, we'll delve into the report's findings and explore what it means for businesses looking to stay ahead of the curve and protect themselves from cyber threats for years to come. From emerging threats to recommended security measures, we'll cover everything to help you stay informed and secure in the digital landscape.

The 2023 CrowdStrike threat report highlights the increasing speed and sophistication of eCrime adversaries in the cybersecurity landscape. According to the report, eCrime adversaries in 2022 operated with even greater efficiency and complexity than in previous years, using more advanced techniques to evade detection and achieve their goals. One of the most alarming trends highlighted in the report is the shrinking eCrime breakout time, which refers to the amount of time between a cyber attacker's initial infiltration of a system and the start of lateral movement through the network toward their target. The report reveals that the average eCrime breakout time has now dropped to 84 minutes, down from 146 minutes in 2021, highlighting the speed with which these attacks can take place.
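To make the breakout-time metric concrete, the following added example (not from the report or this article) computes it from constructed incident timelines and checks whether detection fired before the adversary moved laterally, using the report's 84-minute figure as the benchmark. The event tuples, tactic labels and the helper function names are assumptions made for illustration, not any product's telemetry schema.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample intrusion timelines (incident id, ISO timestamp, tactic).
# These are not real telemetry; timestamps are chosen to illustrate the metric.
EVENTS = [
    ("INC-1", "2022-06-01T09:00:00", "initial_access"),
    ("INC-1", "2022-06-01T09:45:00", "discovery"),
    ("INC-1", "2022-06-01T10:24:00", "lateral_movement"),  # 84 min after access
    ("INC-1", "2022-06-01T10:30:00", "detection"),         # alert fired after breakout
    ("INC-2", "2022-07-10T14:00:00", "initial_access"),
    ("INC-2", "2022-07-10T14:20:00", "detection"),         # alert fired before breakout
    ("INC-2", "2022-07-10T16:26:00", "lateral_movement"),  # 146 min after access
    ("INC-3", "2022-08-03T01:00:00", "initial_access"),    # no lateral movement observed
]

def first_event_times(events):
    """Map each incident to the earliest timestamp seen for each tactic."""
    first = defaultdict(dict)
    for inc, ts, tactic in events:
        t = datetime.fromisoformat(ts)
        if tactic not in first[inc] or t < first[inc][tactic]:
            first[inc][tactic] = t
    return first

def breakout_minutes(events):
    """Minutes from initial access to first lateral movement, per incident.
    Incidents lacking either event are omitted: there is nothing to measure."""
    out = {}
    for inc, first in first_event_times(events).items():
        if "initial_access" in first and "lateral_movement" in first:
            out[inc] = (first["lateral_movement"] - first["initial_access"]).total_seconds() / 60
    return out

def detected_before_breakout(events):
    """For each measurable incident: did the first detection precede lateral movement?"""
    out = {}
    for inc, first in first_event_times(events).items():
        if "initial_access" in first and "lateral_movement" in first:
            out[inc] = "detection" in first and first["detection"] < first["lateral_movement"]
    return out

def summarize(events, benchmark_minutes=84.0):
    """Aggregate the metrics and list incidents at or under the report's 84-minute average."""
    bo, det = breakout_minutes(events), detected_before_breakout(events)
    return {
        "measured_incidents": len(bo),
        "mean_breakout_minutes": mean(bo.values()) if bo else None,
        "detected_before_breakout": sum(det.values()),
        "at_or_under_benchmark": [i for i, m in bo.items() if m <= benchmark_minutes],
    }

if __name__ == "__main__":
    print(summarize(EVENTS))
```

Running the same functions over real incident records gives a defender a direct comparison between detection latency and the adversary's breakout time.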

The report also sheds light on the increasing use of malware-free attacks by cybercriminals, with 71% of attacks detected by CrowdStrike Intelligence being carried out without the use of malware. This trend suggests that adversaries are increasingly adept at using legitimate tools and techniques to achieve their goals while evading traditional security measures. The combination of faster breakout times and more sophisticated attacks underscores the need for enterprises to take a comprehensive, proactive approach to cybersecurity that includes advanced threat detection and response capabilities.

The report reveals a disturbing trend in the form of an access broker boom in 2022. These brokers are cybercriminals who specialize in gaining illicit access to organizations and then selling or renting that access to other malicious actors, including ransomware operators. The report indicates that the number of access broker advertisements increased by 112% compared to the previous year. This sharp increase highlights the growing demand for stolen login credentials and underscores the need for enterprises to prioritize protection against identity threats as part of their cybersecurity strategy.

The report also highlights an increase in social engineering attacks, where cybercriminals use various psychological tricks to manipulate people into divulging sensitive information or performing actions that can compromise security. These attacks often involve impersonating trusted entities, such as colleagues or service providers, to gain the victim's trust and extract valuable information. The rise of access brokers combined with the rise of social engineering attacks underscores the importance of robust identity threat protection as part of a comprehensive cybersecurity strategy. Protection against identity threats involves implementing measures such as two-factor authentication, password policies, and security awareness training that equips employees to recognize and resist social engineering attempts. By prioritizing protection against identity threats, businesses can effectively protect against the rising tide of cyber threats in the digital landscape.

An important highlight is China's continued dominance in the cyberespionage landscape. According to the report, China-nexus adversaries remain the most active targeted intrusion groups globally. In 2022, CrowdStrike Intelligence observed that these groups targeted nearly all of the 39 global industry sectors and 20 geographic regions it tracks, highlighting the far-reaching scope of China's cyberespionage operations.

The report underscores the persistence and sophistication of China-nexus adversaries, who continue to leverage advanced tactics, techniques and procedures (TTPs) to infiltrate targeted networks and exfiltrate sensitive information. The sheer breadth of industries and regions targeted indicates that China's cyberespionage activities are not limited to any specific sector or geographic location, but pose a broad and ongoing threat to organizations around the world. Given China's prominent role in the cyberespionage landscape, it is crucial that organizations prioritize cybersecurity measures that can effectively detect and respond to these intrusions.

Another important issue is that cloud environments are increasingly becoming a target for cybercriminals, with cloud exploitation growing by 95% in 2022. According to the report, CrowdStrike Intelligence observed a nearly threefold increase in "cloud-conscious" threat actors specifically targeting cloud-based systems and applications. These adversaries are leveraging increasingly sophisticated techniques for initial access, lateral movement, privilege escalation, defense evasion, and data collection.

The report highlights the need for organizations to take a holistic approach to protecting their cloud environments. This includes implementing security measures such as multi-factor authentication, network segmentation, encryption, and access controls. It's also important for organizations to monitor their cloud environments for unusual activity and be prepared with incident response plans that address cloud-specific threats.

With cloud adoption on the rise across industries, the cloud threat landscape is expected to grow in the coming years. By taking proactive steps to protect their cloud environments, organizations can effectively mitigate the risks of cloud-based cyberattacks and ensure the security of their critical systems and data.

Finally, the report emphasizes the critical importance of patching vulnerabilities in a timely manner. Adversaries are increasingly exploiting vulnerabilities with greater sophistication and trying to circumvent mitigations to target the same vulnerable components multiple times. This practice of "vulnerability reuse" poses a serious threat to organizations, particularly those that rely on legacy technology that may have architectural weaknesses and systemic risks.

Given the persistence and sophistication of modern threat actors, patching vulnerabilities should be a priority for organizations across industries. This includes implementing regular vulnerability assessments, monitoring for zero-day vulnerabilities, and applying patches and system and application updates in a timely manner. Organizations must also invest in security measures that can detect and contain attacks even when a vulnerability has been successfully exploited.

As the threat landscape continues to evolve and become more complex, it is critical that organizations take a comprehensive and proactive approach to cybersecurity. By staying informed about emerging threats and taking proactive steps to protect their systems and data, organizations can effectively defend against even the most persistent and sophisticated cyber adversaries.
