Cyberattack trends were analyzed in a recent report by CrowdStrike. The report revealed a massive increase in identity-based intrusions, growing expertise by adversaries targeting the cloud, a 3x spike in adversary use of legitimate remote monitoring and management (RMM) tools and a record low in adversary breakout time.
Key findings from the report include:
- Research found a nearly 6x year-over-year (YoY) spike in Kerberoasting attacks, a technique adversaries can abuse to obtain valid credentials for Microsoft Active Directory service accounts, often providing actors with higher privileges and allowing them to remain undetected in victim environments for longer periods of time. Overall, 62% of all interactive intrusions involved the abuse of valid accounts, while there was a 160% increase in attempts to gather secret keys and other credentials via cloud instance metadata APIs.
- The average time it takes an adversary to move laterally from initial compromise to other hosts in the victim environment fell from the previous all-time low of 84 minutes in 2022 to a record 79 minutes in 2023. Additionally, the fastest breakout time of the year was recorded at just seven minutes.
- The financial industry saw an 80% YoY increase in interactive intrusions. Defined as intrusions that use hands-on-keyboard activity, interactive intrusions were up 40% overall.
- Ready access to valid accounts for sale lowers the barrier to entry for eCrime actors looking to conduct criminal operations, and allows established adversaries to hone their post-exploitation tradecraft to achieve their objectives more efficiently.