March 16, 2023

CrowdStrike report shows identities under siege

By Cloud Syndicate

Cyberattacks exploiting gaps in cloud infrastructure — to steal credentials, identities and data — skyrocketed in 2022, growing 95%, with cases involving “cloud-conscious” threat actors tripling year-over-year. That’s according to CrowdStrike’s 2023 Global Threat Report.

The report finds bad actors moving away from deactivation of antivirus and firewall technologies, and from log-tampering efforts, seeking instead to “modify authentication processes and attack identities,” it concludes.

Today, identities are under siege across a vast threatscape. Why are identities and privileged access credentials the primary targets? It’s because attackers want to become access brokers and sell pilfered information in bulk at high prices on the dark web.

CrowdStrike’s report provides a sobering look at how quickly attackers are reinventing themselves as access brokers, and how their ranks are growing. The report found a 20% increase in the number of adversaries pursuing cloud data theft and extortion campaigns, and the largest-ever increase in numbers of adversaries — 33 new ones found in just a year. Prolific Scattered Spider and Slippery Spider attackers are behind many recent high-profile attacks on telecommunications, BPO and technology companies.

Attacks are setting new speed records

Attackers are digitally transforming themselves faster than enterprises can keep up, quickly re-weaponizing and re-exploiting vulnerabilities. CrowdStrike found threat actors circumventing patches and sidestepping mitigations throughout the year.

The report states that “the CrowdStrikeFalcon OverWatch team measures breakout time — the time an adversary takes to move laterally, from an initially compromised host to another host within the victim environment. The average breakout time for interactive eCrime intrusion activity declined from 98 minutes in 2021 to 84 minutes in 2022.”

CISOs and their teams need to respond more quickly, as the breakout time window shortens, to minimize costs and ancillary damages caused by attackers. CrowdStrikes advises security teams to meet the 1-10-60 rule: detecting threats within the first minute, understanding the threats within 10 minutes, and responding within 60 minutes…

Read Full Article: Venture Beat

Cloud Syndicate

Welcome to the 'Cloud Syndicate,' a curated community featuring short-term guest contributors, curated resources, and syndication partners covering diverse technology topics. Connect your technology article or news feed to our syndication network for broader visibility. Explore the intersections of cloud computing, Big Data, and AI through insightful articles and engaging podcasts. Stay ahead in the dynamic world of technology with our platform for thought leadership and industry news.

Join us as we delve into the latest trends and innovations.
The Lighter Side Of The Cloud
Daniel Barber

Q&A Daniel Barber – 2024 AI + Data Privacy Predictions

2024 AI + Data Privacy Predictions In a recent interview with CloudTweaks, Daniel Barber, Co-Founder [...]
Read more
Bill Britton

Pioneering Cybersecurity Education: An Interview with Cal Poly’s CIO Bill Britton

Interview with Cal Poly’s CIO Bill Britton Welcome to CloudTweaks, where today we’re diving into [...]
Read more
Premkumar Balasubramanian

It Can Be The Year of Right Clouding – But Avoid Potential Pitfalls

Some people are calling 2023 The Year of Cloud Repatriation. I think this is a bit inflammatory. [...]
Read more
Dmytro Reshetchenko

Digital Solutions for Legal Matchmaking: The Role of AI in Connecting Clients with Lawyers

The Role of AI in Connecting Clients with Lawyers The legal industry is transforming significantly [...]
Read more

Data Security in the Cloud: 5 Critical Best Practices

What Is Data Security in the Cloud? Data security in the cloud refers to the [...]
Read more
Michael Kleef

Akamai’s Michael Kleef Reveals Key Shifts in Cloud Computing Landscape

Welcome to a conversation with Michael Kleef, Vice President of Product Marketing, Developer Advocacy, and [...]
Read more
Unlock unparalleled exposure for your brand with CloudTweaks' premium sponsorship and advertising programs. Reach a global audience, amplify your message, and drive growth with our tailored solutions. Partner with us today and elevate your marketing strategy to new heights!
© 2024 CloudTweaks. All rights reserved.