
2023 Threat Hunting Report | CrowdStrike

Vendor Sponsor
Crowdstrike
Research Published
August 8, 2023
Link to research
https://www.crowdstrike.com/resources/reports/threat-hunting-report/
Demographic or Methodology comments

Topic Tags
Multi-Cloud, DevSecOps, Incidents, Attacks and Threats, Security
Demographics
Created time
Aug 8, 2023 10:48 PM
Directory name

The Rightstack Research DB


Know them. Find them. Stop them.

The problem isn’t malware — it’s adversaries. To stop these adversaries, security teams must understand how they operate. In the 2023 Threat Hunting Report, CrowdStrike’s Counter Adversary Operations team exposes the latest adversary tradecraft and provides knowledge and insights to help stop breaches.

583%

increase in Kerberoasting, a growing identity-based attack technique

312%

increase in adversary misuse of legitimate remote monitoring and management (RMM) tools

160%

increase in credential theft via cloud instance metadata APIs

79 minutes

average eCrime breakout time, a 5-minute drop from 2022

7 minutes

fastest eCrime breakout time recorded

62%

of interactive intrusions involved compromised identities

Expose adversaries and stop them in their tracks

Download now

Read the CrowdStrike 2023 Threat Hunting Report

Key report insights

Identity threats have become mainstream

Overall, 62% of interactive intrusions involve compromised identities. It is not surprising that identity-based intrusions are on the rise: stolen credentials give adversaries immediate, legitimate-looking access. Since 2022 there has been a 583% increase in Kerberoasting (requesting Kerberos service tickets for accounts that carry a service principal name and cracking the encrypted ticket offline to recover the account password) and a 147% increase in access broker advertisements on the dark web, highlighting the growth of an end-to-end criminal ecosystem built around identity-based attacks.
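The report gives the Kerberoasting statistic but not a detection approach. As an added example that is not part of the report or of any CrowdStrike tooling, the following heuristic runs over Windows Security event 4769 (a Kerberos service ticket was requested) records and flags a principal that requests many distinct service tickets with RC4-HMAC encryption (ticket encryption type 0x17, the type Kerberoasting tools typically ask for because it cracks fastest) inside a short window. The event records below are constructed, and the field layout, window and threshold are assumptions to tune against a real domain's baseline.

```python
"""Heuristic Kerberoasting detection over Windows Security event 4769 records.

Kerberoasting requests TGS tickets for SPN-bearing accounts and cracks them
offline, so the signal is one principal asking for many RC4 service tickets
in a short time. Sample records below are constructed, not real log data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC; 0x12 is AES256

# Constructed 4769 records: (time, requesting account, service name,
# ticket encryption type, client address). Field names follow the
# Security log's 4769 event; the values are invented for the demo.
SAMPLE_EVENTS = [
    ("2023-08-08T10:00:01", "jdoe@CORP.LOCAL", "sql01svc", "0x17", "10.0.0.21"),
    ("2023-08-08T10:00:02", "jdoe@CORP.LOCAL", "http-intranet", "0x17", "10.0.0.21"),
    ("2023-08-08T10:00:02", "jdoe@CORP.LOCAL", "backupsvc", "0x17", "10.0.0.21"),
    ("2023-08-08T10:00:03", "jdoe@CORP.LOCAL", "mssql-rpt", "0x17", "10.0.0.21"),
    ("2023-08-08T10:00:03", "jdoe@CORP.LOCAL", "exchange-svc", "0x17", "10.0.0.21"),
    ("2023-08-08T10:00:04", "jdoe@CORP.LOCAL", "krbtgt", "0x12", "10.0.0.21"),
    ("2023-08-08T10:05:00", "asmith@CORP.LOCAL", "fileshare", "0x12", "10.0.0.33"),
    ("2023-08-08T10:06:00", "WS01$@CORP.LOCAL", "cifs", "0x12", "10.0.0.40"),
    ("2023-08-08T11:00:00", "asmith@CORP.LOCAL", "sql01svc", "0x17", "10.0.0.33"),
]


def detect_kerberoasting(events, window=timedelta(minutes=5), threshold=4):
    """Return {account: set(services)} for every account that requested at
    least `threshold` distinct RC4 service tickets within any `window`."""
    per_account = defaultdict(list)
    for ts, account, service, etype, _client in events:
        if etype != RC4_HMAC:
            continue
        # krbtgt requests are TGT renewals and machine accounts ($) are
        # normal infrastructure noise, not Kerberoasting targets.
        if service.lower() == "krbtgt" or account.split("@")[0].endswith("$"):
            continue
        per_account[account].append((datetime.fromisoformat(ts), service))

    hits = {}
    for account, reqs in per_account.items():
        reqs.sort()
        # Sliding window anchored at each request in turn.
        for i, (t0, _) in enumerate(reqs):
            services = {svc for t, svc in reqs[i:] if t - t0 <= window}
            if len(services) >= threshold:
                hits[account] = services
                break
    return hits


if __name__ == "__main__":
    for account, services in detect_kerberoasting(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting by {account}: {sorted(services)}")
```

The RC4 filter is what keeps the rule quiet; on domains where legacy hosts still request RC4 legitimately, allow-list those client addresses rather than raising the threshold. The complementary hardening is to give SPN accounts long random passwords (or use group managed service accounts) and to remove RC4 from the accounts' supported encryption types, so a cracked ticket is not worth the effort.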


Adversaries are getting smarter in the cloud

Threat actors are becoming cloud experts, often knowing as much as or more about cloud environments than the organizations that run them. As security teams adopt more cloud-based technologies, adversaries are becoming more adept at exploiting misconfigurations and abusing cloud management tools. There has been a 95% rise in cloud attacks and a 160% increase in credential theft via cloud instance metadata APIs: an adversary who gains code execution or a server-side request forgery on a cloud instance can query the instance metadata endpoint and walk away with the temporary credentials of the role attached to that instance, then use them from anywhere.
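Credentials taken from the instance metadata service are usually used from outside the instance, and that is the cheapest place to catch them. As an added example that is not from the report or from CrowdStrike, the following check scans CloudTrail-style records for API calls made with an EC2 instance role's credentials (the assumed-role session name is the instance ID) from a source address outside the networks the instance should egress from. The records and the trusted network list are constructed for the demo, and the field subset used is an assumption about what a real CloudTrail export would contain.

```python
"""Flag use of EC2 instance-role credentials from unexpected source addresses.

When EC2 obtains role credentials through an instance profile, CloudTrail
records the caller as an AssumedRole whose session name is the instance ID
(arn:aws:sts::<acct>:assumed-role/<Role>/i-...). If such a session shows up
calling the API from an address outside the instance's own VPC or NAT egress
range, the credentials have very likely been lifted from the metadata service.
Records and trusted networks below are constructed for the demo.
"""
import ipaddress
import re

# Session names that look like an EC2 instance ID (8 or 17 hex chars).
INSTANCE_SESSION = re.compile(r":assumed-role/[^/]+/(i-[0-9a-f]{8,17})$")

# Constructed CloudTrail-style records, reduced to the fields the check needs.
SAMPLE_RECORDS = [
    {"eventName": "DescribeInstances", "sourceIPAddress": "10.0.1.15",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0a1b2c3d4e5f67890"}},
    {"eventName": "ListBuckets", "sourceIPAddress": "203.0.113.77",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0a1b2c3d4e5f67890"}},
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.77",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0a1b2c3d4e5f67890"}},
    {"eventName": "ListBuckets", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/alice"}},
    # AWS services calling on the instance's behalf log a service name, not an IP.
    {"eventName": "AssumeRole", "sourceIPAddress": "sts.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0a1b2c3d4e5f67890"}},
]

# Assumed: the VPC CIDR plus the NAT gateway's public egress address.
TRUSTED_NETWORKS = ["10.0.0.0/16", "192.0.2.10/32"]


def flag_exfiltrated_instance_creds(records, trusted_networks=TRUSTED_NETWORKS):
    """Return [(instance_id, source_ip, event_name)] for instance-role calls
    originating outside the trusted networks."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    alerts = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        if ident.get("type") != "AssumedRole":
            continue
        match = INSTANCE_SESSION.search(ident.get("arn", ""))
        if not match:
            continue  # a human or CI session, not an instance profile
        try:
            src = ipaddress.ip_address(rec["sourceIPAddress"])
        except ValueError:
            continue  # service-originated call (sourceIPAddress is a hostname)
        if not any(src in net for net in trusted):
            alerts.append((match.group(1), str(src), rec["eventName"]))
    return alerts


if __name__ == "__main__":
    for instance_id, src, event in flag_exfiltrated_instance_creds(SAMPLE_RECORDS):
        print(f"{instance_id} credentials used from {src} for {event}")
```

On the prevention side, requiring IMDSv2 stops the simplest SSRF-based theft, because a session token must first be obtained with a PUT request that a forged GET cannot make: `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required --http-put-response-hop-limit 1`. The hop limit of 1 additionally keeps the token response from being forwarded out of a container or through a proxy on the host.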


eCrime is surging as adversaries become faster

Adversaries are moving through environments faster than ever. Breakout time, the interval between an adversary's initial access and their first lateral movement to another host, has dropped to an average of 79 minutes for eCrime intrusions, and the fastest recorded time is just 7 minutes. eCrime threat actors are also finding more efficient ways to break in, among them the misuse of legitimate remote monitoring and management (RMM) tools, which has increased 312% since 2022.


Cross-platform proficiency is growing

Many of today's adversaries confidently target and navigate multiple operating systems, with growing prowess in Linux and macOS. CrowdStrike OverWatch saw a 3x increase in adversaries replacing Pluggable Authentication Modules (PAM) with malicious modules on Linux, especially in the finance, technology and services industries. Because every service that authenticates through PAM (sshd, sudo, login, su) loads those shared objects, a trojaned module can silently capture every password entered or accept a hard-coded backdoor password for any account.
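A replaced PAM module is a file on disk, so the practical check is to baseline the PAM module directory and the /etc/pam.d configuration and re-hash them on a schedule. As an added example that is not from the report or from CrowdStrike, the following script hashes a directory tree, compares it with a stored baseline, and reports modified, added and removed files; the demo runs against a temporary directory standing in for the real module path (/lib/x86_64-linux-gnu/security on Debian/Ubuntu, /lib64/security on RHEL-family systems), and the file contents in it are constructed stand-ins, not real modules.

```python
"""Baseline-and-compare integrity check for PAM modules and configuration.

A trojaned PAM module is still a file under the PAM module directory (or a
new module wired into /etc/pam.d), so hashing those trees and diffing them
against a known-good baseline surfaces the replacement. The demo below uses
a temporary directory with constructed stand-in files in place of the real
module directory.
"""
import hashlib
import tempfile
from pathlib import Path


def hash_tree(directory):
    """Map each regular file under `directory` (relative path) to its SHA-256.
    Symlinks are skipped so a link pointing at a substituted target shows up
    as a changed directory listing, not as an unchanged hash."""
    root = Path(directory)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = str(path.relative_to(root))
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_baseline(baseline, current):
    """Return (modified, added, removed) file lists relative to `baseline`."""
    modified = sorted(f for f in baseline if f in current and current[f] != baseline[f])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return modified, added, removed


def demo():
    """Simulate a PAM backdoor in a temp dir: one module replaced, one dropped in."""
    with tempfile.TemporaryDirectory() as tmp:
        security_dir = Path(tmp)
        (security_dir / "pam_unix.so").write_bytes(b"stand-in for the original pam_unix.so")
        (security_dir / "pam_deny.so").write_bytes(b"stand-in for pam_deny.so")
        baseline = hash_tree(security_dir)  # taken from a known-good image

        # What an intrusion would do: swap pam_unix.so for a credential-logging
        # build and add a new module the adversary will reference from /etc/pam.d.
        (security_dir / "pam_unix.so").write_bytes(b"stand-in for a trojaned pam_unix.so")
        (security_dir / "pam_evil.so").write_bytes(b"stand-in for a dropped backdoor module")

        return compare_baseline(baseline, hash_tree(security_dir))


if __name__ == "__main__":
    modified, added, removed = demo()
    print("modified:", modified)
    print("added:", added)
    print("removed:", removed)
```

Store the baseline off-host (an attacker with root can rewrite a local one) and include /etc/pam.d in the tree, since adding a single `auth sufficient pam_evil.so` line is as effective as replacing a binary. Package-manager verification (`rpm -Va` or `dpkg --verify`) covers the same ground for files that came from a package, but not for modules built from source or dropped outside the package database.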


Discover the Adversaries Targeting You

Explore your threat landscape and find out which adversaries are targeting organizations like yours in the Adversary Universe.
