CrowdStrike Report Takeaways
Other key takeaways from CrowdStrike's report include:
- Cyber adversaries are re-weaponizing and re-exploiting vulnerabilities. Log4Shell continued to "ravage the internet," CrowdStrike indicated. Meanwhile, cybercriminals frequently exploited known and new vulnerabilities like ProxyNotShell and Follina to bypass patches and mitigations.
- Human adversaries are looking beyond malware to evade antivirus software. Approximately 71% of cyberattacks detected were free of malware, up from 62% one year earlier. In addition, interactive intrusions (cyberattacks involving hands-on-keyboard activity) rose 50% year over year.
- Cybercriminals are investing in dark web ads. CrowdStrike reported a 112% year-over-year increase in access broker advertisements on the dark web, which highlights the value of and demand for identity and access credentials in the underground economy.
- Thirty-three new cyber adversaries were discovered. This is the largest one-year increase in new cyber adversaries that CrowdStrike has observed.
- China-linked espionage increased globally. There was a rise in China-linked adversary activity that affected organizations across 39 industry sectors and 20 geographic regions.
- Threat actors are working faster than ever before. The average eCrime breakout time fell from 98 minutes in 2021 to 84 minutes in 2022.
- Cybercriminals are using social engineering tactics to target human interactions. Many cyber adversaries used vishing to circumvent multi-factor authentication (MFA) and lure victims into downloading malware.