CrowdStrike Report Maps Changes to Cybersecurity Landscape
A report published by CrowdStrike today highlighted how the cybersecurity threat landscape has shifted in the last year, with 71% of attacks detected not involving malware. In fact, the number of interactive intrusions involving hands-on-keyboard activity increased 50% in 2022, according to the report.
There was also a 20% increase in the number of adversaries conducting data theft and extortion campaigns, as cybercriminals shifted away from encrypting data to extort a ransom and toward simply holding stolen data hostage.
The report also found attacks against cloud platforms increased by 95%, with the number of known threat actors targeting these platforms tripling.
Adam Meyers, head of threat intelligence for CrowdStrike, said it’s apparent cybercriminals are revamping tactics and techniques as they seek to circumvent cybersecurity platforms. Those attacks are now occurring faster, with average breakout times falling to 84 minutes. To be successful, security teams today need to be able to detect threats within the first minute, understand them within 10 minutes and respond within 60 minutes, according to the CrowdStrike report.
Other shifts included a 112% year-over-year increase in access broker advertisements on the dark web and the discovery of 33 new distinct adversaries, including SCATTERED SPIDER and SLIPPY SPIDER. There has also been an upsurge in attacks that appeared to be emanating from China, while attacks from Russia were not as widespread as anticipated when the war in Ukraine started.
Of course, more organizations are evolving their approach to cybersecurity as the threat landscape changes. Organizations are starting to embrace zero-trust architectures that require them to verify the identity of users, applications and machines before they can be trusted, noted Meyers. Previously, the approach had been to trust and then verify, he added.
It’s not clear at what rate organizations are transitioning to a zero-trust approach to cybersecurity, but as adversaries become adept at launching more sophisticated cyberattacks, the need to revamp strategies is becoming more apparent. The simple fact is that organizations are locked in a perennial cybersecurity arms race. Each time cybersecurity teams eliminate a threat vector, cybercriminals will develop an alternative tactic, said Meyers. In some cases, the attack vector might be entirely new, but it’s just as likely to be a variant of a previous type of attack.
In the meantime, cybercriminals will continue seeking the path of least resistance. There’s not a compelling reason to develop advanced malware when a simple phishing attack that gives them access to credentials remains effective. The overall state of cybersecurity in many organizations could be dramatically improved simply by focusing on fundamentals such as ensuring root access is not routinely granted to every end user.
One way or another, it’s only a matter of time before cybersecurity improves. The only real question is whether those improvements will come about as a result of proactive efforts or in response to an easily preventable breach.