CrowdStrike's annual threat hunting report shows that cybercrime actors are not taking a break. The report shows that a potential cyber attack is identified every seven minutes. The breakout time for eCrime actors has also fallen.
CrowdStrike, a leading provider of cloud-based protection for endpoints, cloud workloads, identity and data, today released its fourth annual threat hunting report, Nowhere to Hide: 2022 Falcon OverWatch Threat Hunting Report. The global report shows a record-breaking 50 percent year-over-year increase in hands-on attack attempts, as well as significant shifts in attack trends and attacker tactics.
Over 77,000 potential attack attempts
Falcon OverWatch Threat Hunters have identified more than 77,000 potential attack attempts, which equates to approximately one attack attempt every seven minutes. These are instances where proactive, human-led threat hunting has uncovered attackers actively employing malicious techniques at various stages of the attack chain. These attackers do everything they can to evade autonomous detection methods.
Falcon OverWatch calculated in its Threat Hunting Report that the breakout time (i.e. the average time it takes an attacker to move from the initial compromise to other hosts within the victim environment) for eCrime attackers has dropped to 1 hour and 24 minutes, compared to the 1 hour and 38 minutes that Falcon OverWatch calculated for the CrowdStrike Global Threat Report 2022. Additionally, the OverWatch team found that in approximately one-third (30%) of these eCrime attacks, the attacker was able to move laterally in less than 30 minutes. These results underscore the speed and extent to which threat actors are evolving their Tactics, Techniques and Procedures (TTPs) and are able to bypass even the most advanced technology-based defenses to successfully achieve their goals.
Only 1 hour for retransmission
"Over the past 12 months, the world has faced new challenges driven by economic pressures and geopolitical tensions, creating a threat landscape that is more complicated than ever," said Param Singh, vice president, Falcon OverWatch at CrowdStrike. "To slow down bold threat actors, security teams must implement solutions that proactively scan for stealth and advanced attacks XNUMX/XNUMX. The combination of the CrowdStrike Falcon platform with the telemetry, tools, threat intelligence and human ingenuity of the Falcon OverWatch Threat Hunter protects organizations worldwide from the most sophisticated and elusive threats."
Other important findings of the report
- eCrime is primarily responsible for interactive intrusion campaigns. eCrime was responsible for 43 percent of interactive break-ins, while state actors accounted for 18 percent of activity. Hacktivists accounted for only XNUMX percent of interactive intrusion campaigns, while the remaining intrusions could not be attributed.
- Attackers are relying less and less on malware. Malware-free attacks accounted for 71 percent of all detections indexed by the CrowdStrike Threat Graph. The prevalence of malware-free attacks is related in part to attackers' widespread misuse of valid credentials to facilitate entry and persistence in victim environments. Another factor is the speed with which new vulnerabilities are discovered and the speed with which attackers are able to implement exploits.
- The technology industry is the top target industry for interactive attacks. The top five target industries are technology (19%), telecom (10%), manufacturing (7%), higher education (7%) and healthcare (7%). Notably, the technology industry has been targeted by interactive intruders nearly twice as often as the second most targeted industry.
- The telecommunications sector is the most important industry for targeted attacks by state actors. The top five target industries are Telecom (37%), Technology (14%), Government (9%), Academia (5%) and Media (4.5%). The telecommunications industry continues to be the target of government-sponsored surveillance, intelligence and counterintelligence efforts. The telecoms industry experienced 163 percent more targeted interventions by government actors than the second most targeted industry.
- Healthcare is in the crosshairs of ransomware-as-a-service (RaaS). The volume of attempted interactive attacks on healthcare has doubled compared to last year. The vast majority of these break-ins are attributed to eCrime.
The report encompasses insights from Falcon OverWatch's global threat hunting activities from July 1, 2021 to June 30, 2022 and includes detailed attack data and analysis, case studies and actionable recommendations.