Attacker Breakout Time Drops to Just 84 Minutes

According to CrowdStrike, the average time it takes for an attacker to laterally move from a compromised host has decreased by 14% between 2021 and 2022, putting more pressure on incident response teams.

The threat intelligence company's 2023 Global Threat Report draws on the trillions of daily events generated by its endpoint protection platforms and on insights from its threat hunting teams.

Last year, incident responders warned that the time to contain a breach was even shorter after the initial breach.

“Responding within the breakout window allows defenders to minimize costs and other damage done by attackers,” the report explains. “Security teams are encouraged to meet the 1-10-60 rule of detecting threats within the first minute, understanding threats within 10 minutes, and responding within 60 minutes.”

The challenge of detecting suspicious activity is also exacerbated as attackers continue to move away from malware in favor of exploiting valid credentials for access and persistence.

Malware-free activity accounted for 71% of all detections in 2022, up from 62% in 2012, while “interactive intrusions” (i.e., manual, non-automated attacks) increased by 50% over this period.

CrowdStrike claims that these “hands-on-keyboard” techniques make it difficult for traditional anti-malware tools to detect malicious activity.

Separately, the report points to an increase in social engineering tactics such as vishing to direct victims to download malware, SIM swapping to bypass multi-factor authentication (MFA), and “MFA fatigue.”

Cloud systems emerged as a prime target in 2022: exploitation of cloud workloads increased by 95%, and cases involving “cloud-aware actors” have tripled since 2021, the report claimed.

CrowdStrike also observed a worrying new trend regarding “deleting account access, destroying data, deleting resources, and suspending services.”

The cybercrime supply chain also appears to have strengthened in 2022, with CrowdStrike recording a 112% year-over-year increase in initial access broker advertising on the dark web.

Adam Meyers, CrowdStrike’s head of intelligence, argued that 2022 has seen the emergence of a unique mix of cyberthreats.

“The splintered eCrime groups have re-emerged with greater sophistication, evading vulnerabilities patched or mitigated by constant attackers, and the feared threat of the Russian-Ukrainian conflict has overshadowed the more sinister and successful traction by a growing number of China-related adversaries,” he added.

“Today’s threat actors are smarter, more sophisticated and more resourceful than ever before. Only by doing so can companies stay ahead of today’s increasingly unforgiving adversaries.”
