CrowdStrike Report: New Techniques Favored Over Ransomware in More Attacks
The report makes clear the problem is getting worse, not better.
A new CrowdStrike report shows criminal hackers are shifting away from ransomware to new, innovative techniques. Those include multifactor authentication (MFA) fatigue, vishing and SIM swapping.
The 2023 CrowdStrike Global Threat Report is the ninth annual edition of the cybersecurity provider’s report on the evolving behaviors, trends and tactics of today’s most feared nation-state, e-crime and hacktivist threat actors globally.
The report found a surge in identity-based threats, cloud exploitations, China-nexus espionage and attacks that re-weaponized previously patched vulnerabilities.
Key CrowdStrike Report Findings
Key findings of the CrowdStrike report include:
Criminal hackers are shifting away from ransomware to new, innovative techniques. These threat actors are financially motivated, non-state actors. For example, Scattered Spider and Slippy Spider emerged as highly capable and sophisticated groups, targeting high-risk, high-reward organizations through a variety of techniques including MFA fatigue, vishing and SIM swapping.
Seventy-one percent of attacks detected were malware-free, up from 62% in 2021. And interactive intrusions increased 50% in 2022. Human adversaries are increasingly looking to evade antivirus protection and outsmart machine-only defenses.
Adversaries in China have become increasingly brazen with their activity and targeting. No organization is safe from China-based hackers as they were the most active in 2022, targeting nearly all 39 global industry sectors and 20 geographic regions.
Cloud has become the new battleground for adversaries. There was a 300% year-over-year increase in observed “cloud-conscious” threat actors targeting cloud environments, and also a 95% year-over-year increase in observed cloud exploitations.
Microsoft legacy architecture continues to present systemic risk for organizations. The company issued more than 1,200 patches in 2022 including 28 zero-day patches. Adversaries continue to exploit Microsoft zero-days and vulnerabilities to attack organizations.
A surge in access broker advertisements as adversaries increasingly target credentials. There were more than 2,500 access broker advertisements across the criminal underground in 2022. That’s a 112% year-over-year increase compared to 2021. Simply put, there are more ads because adversaries have more credentials to sell.
Data Weaponization
Adam Meyers is CrowdStrike's head of intelligence.
“We are now in a time of data weaponization,” he said. “A lot of the threats that we’ve grown accustomed to, whether it be ransomware or bank fraud and things of that nature, are moving toward data extortion. And to kind of put a number behind that, one of the things that we cover in the report is that we saw a 20% increase in the number of adversaries conducting data theft and extortion without deploying ransomware. So that’s a 20% increase of actors that are not even bothering to deploy ransomware. They’re just stealing the data and threatening to leak it if you don’t pay them.”
Secondly, the bad guys are firmly targeting cloud, Meyers said.
“The total number of cloud exploitation cases – in other words, incidents that we worked or things that we looked at that involved cloud exploitation – grew by 95%, which is pretty significant,” he said. “And the number of cloud-conscious actors or cases involving cloud-conscious actors nearly tripled. So more and more threat actors understand how to target the cloud and are doing so effectively. And I think a lot of organizations, a lot of enterprises really aren’t prepared or don’t have good strategies or mitigations in place for that.”
New Adversaries Emerging
Overall, the report makes clear the problem is getting worse, not better, Meyers said.
“We added 33 new adversaries over the course of the last year and we have over 200,” he said. “So that gives you a sense that we’re talking about a significant number of threats that are being added every year. If there’s a 16% year-over-year growth, that’s pretty significant.”
Data extortion is more effective than ransomware, Meyers said. That’s because more companies know how to combat ransomware.
“They have increasingly created robust backup solutions,” he said. “And they’ve put measures in place that prevent ransomware from being as effective in their environment. And as a result, the threat actors are not getting the payment amounts and frequency that they would like. Data exploitation is a newer technique. They’ve been playing with it for a few years, but it’s really becoming kind of refined right now and they’ve figured out how to use it.”
The biggest economic impact of cybercrime is coming from China, Meyers said.
“China is one of the countries that conducts economic espionage, where they’ll steal intellectual property from an organization and then use it to generate their own organization in their own business around that intellectual property domestically inside of China,” he said. “One U.S. national security official called it the greatest wealth transfer in the history of the world. And I think that’s right. The Chinese have become prolific at stealing intellectual property, using cyber espionage techniques to win contracts, to expand their influence, and is probably the single greatest threat out there.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.