Know them. Find them. Stop them.
The problem isn’t malware — it’s adversaries. To stop these adversaries, security teams must understand how they operate. In the 2023 Threat Hunting Report, CrowdStrike’s Counter Adversary Operations team exposes the latest adversary tradecraft and provides knowledge and insights to help stop breaches.
583% increase in Kerberoasting, a growing identity-based attack technique
312% increase in remote monitoring and management (RMM) exploits
160% increase in credential theft via cloud instance metadata APIs
79 minutes average eCrime breakout time, a 5-minute drop from 2022
7 minutes fastest eCrime breakout time recorded
62% of interactive intrusions involved compromised identities
Expose adversaries and stop them in their tracks
Read the CrowdStrike 2023 Threat Hunting Report
Key report insights
Identity threats have become mainstream
Overall, 62% of interactive intrusions involve compromised identities. It’s not surprising that identity-based intrusions are on the rise — stolen credentials give adversaries immediate access. There’s been a 583% increase in Kerberoasting and 147% increase in broker advertisements on the dark web since 2022, highlighting the growth in the end-to-end criminal ecosystem exploiting identity-based attacks.
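Kerberoasting leaves a recognisable trace in domain controller logs, so the 583% figure above is something a defender can measure locally. The following is an added example, not code from the CrowdStrike report: a minimal detector over Windows Security event 4769 ("a Kerberos service ticket was requested") that flags an account pulling RC4-HMAC tickets for several distinct service accounts within a short window. The field names (TargetUserName, ServiceName, TicketEncryptionType) are the event's own data fields; the records, account names and timestamps are constructed for the demo.

```python
"""Flag accounts that request RC4 service tickets for many distinct services.

Added example, not from the CrowdStrike report. Implements a common
Kerberoasting detection over Windows Security event 4769 records: one account
requesting RC4-HMAC service tickets for several service accounts in a short
window. Records below are constructed, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # TicketEncryptionType for RC4-HMAC; AES tickets are 0x11 / 0x12

# Constructed sample of 4769 events (service ticket requested).
SAMPLE_EVENTS = [
    # jsmith: four RC4 tickets for four service accounts within seconds
    {"EventID": 4769, "TimeCreated": "2023-08-01T10:00:01", "TargetUserName": "jsmith@CORP.EXAMPLE",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2023-08-01T10:00:02", "TargetUserName": "jsmith@CORP.EXAMPLE",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2023-08-01T10:00:03", "TargetUserName": "jsmith@CORP.EXAMPLE",
     "ServiceName": "svc_backup", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2023-08-01T10:00:04", "TargetUserName": "jsmith@CORP.EXAMPLE",
     "ServiceName": "svc_http", "TicketEncryptionType": "0x17"},
    # bob: a normal AES ticket request
    {"EventID": 4769, "TimeCreated": "2023-08-01T10:05:00", "TargetUserName": "bob@CORP.EXAMPLE",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x12"},
    # alice: RC4 tickets, but for computer accounts (not roastable service accounts)
    {"EventID": 4769, "TimeCreated": "2023-08-01T10:06:00", "TargetUserName": "alice@CORP.EXAMPLE",
     "ServiceName": "WS01$", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2023-08-01T10:06:01", "TargetUserName": "alice@CORP.EXAMPLE",
     "ServiceName": "WS02$", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2023-08-01T10:06:02", "TargetUserName": "alice@CORP.EXAMPLE",
     "ServiceName": "WS03$", "TicketEncryptionType": "0x17"},
    # carol: two RC4 requests hours apart, below the threshold
    {"EventID": 4769, "TimeCreated": "2023-08-01T09:00:00", "TargetUserName": "carol@CORP.EXAMPLE",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2023-08-01T11:00:00", "TargetUserName": "carol@CORP.EXAMPLE",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x17"},
]


def is_roastable_request(event):
    """True for a 4769 RC4 ticket request against a user-managed service account.

    Computer accounts (names ending in $) and krbtgt are excluded; their tickets
    are not the ones an offline password-cracking attempt targets.
    """
    if event.get("EventID") != 4769:
        return False
    service = event.get("ServiceName", "")
    if service.endswith("$") or service.lower() == "krbtgt":
        return False
    return event.get("TicketEncryptionType", "").lower() == RC4_HMAC


def find_kerberoast_candidates(events, window=timedelta(minutes=5), min_services=3):
    """Return {account: sorted distinct services} for accounts whose roastable
    requests cover at least `min_services` distinct services inside `window`."""
    per_account = defaultdict(list)
    for event in events:
        if is_roastable_request(event):
            per_account[event["TargetUserName"]].append(
                (datetime.fromisoformat(event["TimeCreated"]), event["ServiceName"]))

    hits = {}
    for account, requests in per_account.items():
        requests.sort()  # chronological, so a window is a contiguous slice
        for i, (start, _) in enumerate(requests):
            seen = {svc for t, svc in requests[i:] if t - start <= window}
            if len(seen) >= min_services:
                hits[account] = sorted(seen)
                break
    return hits


if __name__ == "__main__":
    for account, services in find_kerberoast_candidates(SAMPLE_EVENTS).items():
        print(f"{account}: RC4 tickets for {', '.join(services)}")
```

The window and threshold are tuning knobs: legacy applications that still negotiate RC4 will produce some 0x17 tickets on their own, so an account touching one or two services is noise, while one sweeping many service accounts in seconds is the pattern worth alerting on. Moving service accounts to AES-only and long, managed passwords removes most of the signal at the source.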
Adversaries are getting smarter in the cloud
Threat actors are becoming cloud experts, knowing as much as or more about cloud environments than organizations do. As security teams adopt more cloud-based technologies, adversaries are becoming more adept at exploiting misconfigurations and abusing cloud management tools. In fact, adversaries are exploiting the cloud more than ever. There's been a 95% rise in cloud attacks and a 160% increase in credential theft via cloud instance metadata APIs.
eCrime is surging as adversaries become faster
Adversaries are breaking in and out of environments faster than ever. The average eCrime breakout time has dropped to 79 minutes, and the fastest recorded time is just 7 minutes. eCrime threat actors are also finding more efficient ways to break in, among them the misuse of legitimate remote monitoring and management (RMM) tools, up 312% since 2022.
Cross-platform proficiency is growing
Many of today’s adversaries confidently target and navigate multiple operating systems, with growing prowess in Linux and macOS. CrowdStrike OverWatch saw a 3X increase in adversaries replacing Pluggable Authentication Modules (PAM) with malicious modules in Linux — especially in the finance, technology, and services industries.
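A swapped PAM module is a file change on disk, so the cheapest control is a file-integrity baseline over the PAM module directory (typically /usr/lib64/security on RHEL-family systems and /lib/x86_64-linux-gnu/security on Debian-family systems) and /etc/pam.d. The following is an added example, not code from the CrowdStrike report: it snapshots SHA-256 digests of every file under a directory, diffs a later snapshot against the baseline, and reports modified, added and removed modules. The demo works in a throwaway temporary directory with constructed file contents rather than touching real system paths.

```python
"""Detect replaced or added PAM modules by diffing against a hash baseline.

Added example, not from the CrowdStrike report. A baseline taken while the
host is known-good is compared with a later snapshot; any module whose digest
changed, or that appeared or vanished, is reported. The demo uses a temporary
directory and constructed contents instead of a real PAM module directory.
"""
import hashlib
import os
import tempfile


def snapshot(directory):
    """Map each file under `directory` (relative path) to its SHA-256 hex digest."""
    digests = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, directory)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Classify every difference between two snapshots."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Simulate a module swap in a temporary directory and return the diff."""
    with tempfile.TemporaryDirectory() as moddir:
        # Constructed placeholder contents; real modules are ELF shared objects.
        for name in ("pam_unix.so", "pam_deny.so"):
            with open(os.path.join(moddir, name), "wb") as fh:
                fh.write(b"original contents of " + name.encode())
        baseline = snapshot(moddir)

        # Simulated tampering: pam_unix.so replaced, an unexpected module dropped in.
        with open(os.path.join(moddir, "pam_unix.so"), "wb") as fh:
            fh.write(b"replaced contents")
        with open(os.path.join(moddir, "pam_extra.so"), "wb") as fh:
            fh.write(b"unexpected module")

        return compare(baseline, snapshot(moddir))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths or '-'}")
```

Two caveats apply in practice. The baseline must come from a trusted state, ideally the digests shipped by the package manager (`rpm -V pam` or `debsums` compare installed files against package manifests), because a baseline taken after a compromise only certifies the attacker's module. And the baseline itself must live somewhere the host cannot rewrite, for example a central integrity-monitoring service, or a tampered module can simply be accompanied by a tampered baseline.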
Discover the Adversaries Targeting You
Explore your threat landscape and find out which adversaries are targeting organizations like yours in the Adversary Universe.