Instead, malicious actors relied on stolen login credentials and unpatched vulnerabilities to penetrate their targets’ networks, according to the 2023 CrowdStrike Global Threat Report. CrowdStrike also reported a 112 percent increase in adverts by ransomware operators on the dark web last year compared to 2021. Interestingly, the report went on to note a 20 percent increase in the number of threat actors who stole data and extorted organizations without using ransomware. “We’re seeing more and more threat actors moving away from ransomware,” Adam Meyers, head of intelligence at CrowdStrike, told CRN. “Ransomware is noisy. It attracts attention. It’s detectable. Encryption is complex.”
Adversaries Targeted Cloud Environments in 2022
In last year’s report, CrowdStrike predicted that threat actors would move their focus to the cloud as many businesses moved their operations to these environments. Unfortunately for enterprises, this prediction came true. CrowdStrike found that adversaries became more “cloud-conscious.” The number of cloud exploitation cases increased by 95 percent. “This growth indicates a larger trend of eCrime and nation-state actors adopting knowledge and tradecraft to increasingly exploit cloud environments,” the report states. To gain access, threat actors used valid cloud accounts and public-facing applications. Actors also prioritized stealing data and subsequently using higher-privileged accounts for escalation. “Notably, in terms of defense evasion tactics, CrowdStrike Intelligence saw actors shift away from the deactivation of antivirus and firewall technologies, as well as from log-tampering efforts. Instead, they were observed seeking ways to modify authentication processes and attack identities,” the report added. CrowdStrike found that once an adversary gained access, they would engage in destructive behavior. This included removing access, terminating services, and deleting data and resources.
China-Linked Threat Actors Most Active Intrusion Groups
CrowdStrike Intelligence found that China-linked threat actors were the most active intrusion groups in 2022. These actors primarily engaged in cyber espionage activities. “In 2022, China-nexus adversaries, and actors using TTPs consistent with them, were observed targeting nearly all 39 global industry sectors and 20 geographic regions we track,” CrowdStrike said. “These intrusions were likely intended to collect strategic intelligence, compromise intellectual property and further the surveillance of targeted groups, all of which are key Chinese Communist Party (CCP) intelligence goals,” it added. Furthermore, malicious actors continue to exploit the Log4Shell vulnerability to target a wide range of exposed systems. A recent report by CSW also noted that ransomware actors are taking advantage of these vulnerabilities.
Prioritize Identity Protection and Cloud Security
CrowdStrike said prioritizing identity and cloud protection is crucial to address current cyber threats. “The increase in malware-free attacks, social engineering, and similar attempts to obtain access/credentials has made it clear that a traditional endpoint-only solution is not enough,” the report said. “Conditional risk-based access policies are required to reduce MFA burden and fatigue for legitimate users,” it added.