CrowdStrike, SonicWall Cyber Threat Reports Highlight Attacks, Popular Tactics
Speed dominates as covert adversaries target identity.
In terms of attacks, speed dominates as covert adversaries target identity, according to CrowdStrike. Interactive intrusions (hands-on-keyboard activity) increased by 60% overall, while 75% of attacks to gain initial access were malware-free, highlighting an uptick in social engineering, supply-chain targeting and the use of access brokers. For the second consecutive year, technology and financial services were the top verticals targeted.
The average breakout time for e-crime intrusion activity decreased from 79 minutes in 2022 to 62 minutes in 2023, leaving defenders only an hour's worth of time to minimize the cost and damage caused by the intrusion.
Third-party relationship exploitation continues to be valuable for attackers, said CrowdStrike’s Adam Meyers.
“We saw a number of supply-chain attacks over the course of the past year, software supply-chain attacks where the adversary compromised a company that was building a particular piece of software, put a backdoor in it and then infect their customers,” he said. “We've observed North Korea leverage that, as well as China. And then there’s also targeting of managed services and telecoms, and things that organizations might rely on for service. There's a trust relationship there, and so they will exploit that, target an MSP and then go upstream against other targets.”
This year is remarkable from an election perspective, as 70% of the world's population will host an election, Meyers said.
“Some of the most populous countries in the world are having elections, and we're seeing disinformation and misinformation be a huge factor there,” he said. “We've already seen that in Taiwan. We saw the generative AI use of President Biden's voice in robocalls a few weeks ago. And this is going to get worse, not better, throughout the course of the year. The barrier to entry for things like deepfakes is getting lower and lower every day. The widespread availability of really powerful graphics processors that can be commercially obtained is lowering that barrier to entry as well. So this is something that we're keeping a very close eye on here at CrowdStrike and looking for how adversaries are using this and how we can stay on top of that, and particularly around that election cycle.”
Mainstream accessible generative AI technology exploded in late 2022, opening up a new realm of possibilities for efficient content creation and drawing the attention of adversaries seeking ways to exploit this new technology for their own purposes, according to CrowdStrike.
Generative AI has massively democratized computing to improve adversary operations. It can also potentially lower the entry barrier to the threat landscape for less sophisticated threat actors.
Two primary generative AI opportunity areas within the threat landscape include:
Developing and/or executing malicious computer network operations (CNO), including tool and resource development such as scripts or code that could be functionally malicious if used correctly.
Supporting the efficiency and effectiveness of social engineering and information operations campaigns.
Cybercriminals and nation-states are adapting their abilities to gain access to critical infrastructure, making the threat landscape even more complex and forcing organizations to reconsider their security needs, according to SonicWall.
While ransomware continues to be a threat, SonicWall Capture Labs threat researchers expect a broader set of actions in 2024, specifically targeting SMBs, governments and the enterprise. SonicWall sensors identify and prevent more than 19,000 threats per day.
Organizations are increasingly turning to MSPs to alleviate pressure on IT departments, according to SonicWall. Managed services have emerged as a game-changing solution, providing organizations with an additional human layer of defense, addressing alert fatigue, and freeing up valuable resources and time for core business functions.
“It has become clear that conventional network security isn’t enough,” said SonicWall’s Bob VanKirk. “Security professionals need assistance to cope with the overwhelming volume of cyberattacks and protect from the endpoint to the cloud. Especially as the cloud becomes an indispensable reality for businesses, the role of MSPs is shifting from technical maintenance to raising the bar on their customers' security posture.”
Threats of all varieties increased or intensified throughout 2023, VanKirk said.
“We would expect to see the numbers rise, especially as the barrier of entry lowers for threat actors,” he said. “AI helps even the least-skilled threat actor be successful. We expect to see a continued rise of threats as the overall threat landscape continues to intensify.”
To protect themselves, SonicWall suggests organizations:
Enable multifactor authentication (MFA).
Patch promptly.
Conduct regular security assessments.
Conduct ongoing security training.
Scan encrypted traffic.
Extend your protection to the cloud.
New CrowdStrike and SonicWall cyber threat reports show cybercriminals continue to up their games, accelerating challenges for cyber defenders.
CrowdStrike’s 10th annual Global Threat Report provides a look into the adversary landscape and how artificial intelligence (AI), geopolitical conflicts and adversaries' attack motivations have shifted over the past year.
Key findings in the CrowdStrike threat report include:
Thirty-four new adversaries tracked by CrowdStrike, raising the total to 232.
Cloud environment intrusions increased by 75% year over year.
Cloud-conscious cases increased by 110% year over year.
A 76% increase in victims named on eCrime dedicated leak sites (DLSs) year over year.
Eighty-four percent of adversary-attributed cloud-conscious intrusions were focused on e-crime.
“From a threat landscape perspective, we've seen quite a bit of activity,” said Adam Meyers, CrowdStrike’s senior vice president of counter adversary operations. “Criminal threat actors have continued to evolve. We've seen them moving towards being faster for continuing to try to leak sensitive information. And we're seeing them really evolve out of a lot of the tradecraft that they were known for, using things like Microsoft Excel documents, with macros and using that to deploy Cobalt Strike for post-exploitation and then Mimikatz to dump credentials.”
SonicWall's Cyber Threat Report
The 2024 SonicWall Annual Cyber Threat Report exposes all types of cyber behaviors and trends from digital adversaries.
Among key findings in this report:
Overall intrusion attempts climb over 20% as threat actors diversify tactics, increasing attacks around the globe.
Ransomware intensifies through 2023, up 27% in the second half of the year and peaking during the summer months.
Total cryptojacking volume spikes, up more than 659% globally.
IoT exploits (up 15%) and encrypted threats (up 117%) also were on the rise.
SonicWall discovered 293,989 never-before-seen malware variants, with 805 each day.
Bob VanKirk, SonicWall’s president and CEO, said the overall report cites a critical need for MSPs as attacks climbed in almost every statistical category.
“[Last year] proved to be a year of volatile, adaptive and creative digital threats, as threat actors continue to be relentless in their assault, leaving organizations looking for another layer of defense,” he said.