Cyberattackers are attempting to influence elections around the world using generative AI technology. The latest findings from the Global Threat Report 2024 show that more and more attackers are using stolen credentials to exploit gaps in cloud environments while further increasing their stealth, speed and impact.
The report also sheds light on the top threats in 2024, including the manipulation of elections around the world and the use of generative AI, which lowers the barrier to entry and enables more sophisticated attacks. In the tenth edition of the cybersecurity leader's annual report, CrowdStrike takes a closer look at the activities of some of the more than 230 threat groups it currently tracks.
Key Findings
- Dramatic increase in attack speed: The speed of cyberattacks continues to increase at an alarming rate. According to the report, the average breakout time - the amount of time it takes attackers to move laterally from one compromised host within the environment to the next - is now just 62 minutes, down from 84 minutes last year. The fastest breakout time was just 2 minutes and 7 seconds. After successful initial access, an attacker only needs 31 seconds to use the first reconnaissance tools to further compromise the victims.
- Stealth attacks are increasing as attackers harvest credentials: The report finds a sharp increase in interactive attack attempts and hands-on-keyboard activity (60%) as attackers increasingly use stolen credentials to gain access to target organizations.
- Attackers rely on the cloud as more and more companies move their business activities there: Attackers use valid credentials to target the cloud, a challenge for defenders who have to distinguish between normal and malicious user behavior. According to the latest report, the number of cloud attacks has increased by 75%, with the number of cloud-related cases increasing by 110% compared to last year.
- The misuse of generative AI is looming: In 2023, CrowdStrike observed nation-state actors and hacktivists experimenting with and attempting to abuse generative AI to democratize attacks and lower the barrier to entry for more complex operations. The report looks at how generative AI will be used for cyber activities in 2024 as the technology continues to gain popularity.
- Destabilization of democracy through attacks on elections worldwide: More than 40 democratic elections are scheduled in 2024, and nation-state and eCrime adversaries will have numerous opportunities to disrupt the electoral process or manipulate voters' opinions. Nation-state actors from China, Russia, and Iran are likely to conduct misinformation or disinformation operations to sow unrest amid geopolitical conflicts and global elections.
“Throughout 2023, CrowdStrike observed unprecedented stealth operations by brazen eCrime groups, sophisticated nation-state actors, and hacktivists targeting companies in all industries around the globe. Attackers' rapidly evolving technology has expanded to both the cloud and identity. At the same time, threat groups continue to experiment with new technologies, such as GenAI, to increase the success and speed of their malicious operations,” said Adam Meyers, head of Counter Adversary Operations at CrowdStrike. “To defeat the relentless attackers, organizations must adopt a platform-based approach based on threat intelligence and threat hunting to protect identity, prioritize cloud protection and gain comprehensive visibility into the organization’s risk areas.”
Cybersecurity Consolidation
CrowdStrike is driving cybersecurity consolidation in the AI era. The pioneer of attacker-centric security provides customers with intelligence on attacker activity, human-powered analysis and breakthrough technologies to stay ahead of threats. This unique approach combines the unmatched power of CrowdStrike Falcon Intelligence with the elite team of CrowdStrike Falcon OverWatch, as the foundation for the AI-native CrowdStrike XDR Falcon platform to accelerate investigations, eliminate threats and ultimately stop breaches.
About CrowdStrike
CrowdStrike Inc., a global leader in cybersecurity, is redefining security in the cloud age with its completely redesigned platform for protecting workloads and devices. The lean single-agent architecture of the CrowdStrike Falcon® platform uses cloud-scaled artificial intelligence and ensures protection and transparency across the company. This prevents attacks on end devices both inside and outside the network. With the help of the company's own CrowdStrike Threat Graph®, CrowdStrike Falcon correlates around 1 trillion endpoint-related events worldwide every day and in real time. This makes the CrowdStrike Falcon platform one of the world's most advanced data platforms for cybersecurity.