The new Threat Hunting Report considers attack trends and tactics between July 2022 and June 2023.
The key findings of the report include:
The average breakout time – the time it takes for attackers to move laterally from one compromised host to the next within their victim’s environment – hit a new low of 79 minutes (down from 84 minutes in 2022). The shortest breakout time of the year was a record of just 7 minutes.
Misuse of Credentials
Attackers are increasingly relying on identity-based attacks: 62 percent of interactive attack attempts were based on the misuse of valid credentials. At the same time, attempts to obtain secret keys and other credentials from cloud instances via metadata APIs increased by 160 percent.
Also of concern is the increase in the number of kerberoasting attacks, which rose by 583 percent. This is a technique that attackers can use to obtain valid Active Directory account credentials, which often give them elevated privileges and allow them to remain undetected in their victims' environments for extended periods of time.
Technology companies most affected
The number of interactive attack attempts increased by 40 percent year-on-year, with technology being the most targeted sector for the sixth straight year, followed by financial, retail and healthcare, and telecom.
The number of access broker listings posted on the dark web is up 147 percent, a significant 35 percent increase compared to 6 months ago.
Go straight to the report at CrowdStrike.com
About CrowdStrike
CrowdStrike Inc., a global leader in cybersecurity, is redefining security in the cloud age with its completely redesigned platform for protecting workloads and devices. The lean single-agent architecture of the CrowdStrike Falcon® platform uses cloud-scaled artificial intelligence and ensures protection and transparency across the company. This prevents attacks on end devices both inside and outside the network. With the help of the company's own CrowdStrike Threat Graph®, CrowdStrike Falcon correlates around 1 trillion endpoint-related events worldwide every day and in real time. This makes the CrowdStrike Falcon platform one of the world's most advanced data platforms for cybersecurity.