CrowdStrike report shows identities under siege

Cyberattacks exploiting gaps in cloud infrastructure — to steal credentials, identities and data — skyrocketed in 2022, growing 95%, with cases involving “cloud-conscious” threat actors tripling year-over-year. That’s according to CrowdStrike’s 2023 Global Threat Report.

The report finds bad actors moving away from deactivation of antivirus and firewall technologies, and from log-tampering efforts, seeking instead to “modify authentication processes and attack identities,” it concludes.

Today, identities are under siege across a vast threatscape. Why are identities and privileged access credentials the primary targets? It’s because attackers want to become access brokers and sell pilfered information in bulk at high prices on the dark web.

CrowdStrike’s report provides a sobering look at how quickly attackers are reinventing themselves as access brokers, and how their ranks are growing. The report found a 20% increase in the number of adversaries pursuing cloud data theft and extortion campaigns, and the largest-ever increase in numbers of adversaries — 33 new ones found in just a year. Prolific Scattered Spider and Slippery Spider attackers are behind many recent high-profile attacks on telecommunications, BPO and technology companies.

Attacks are setting new speed records

Attackers are digitally transforming themselves faster than enterprises can keep up, quickly re-weaponizing and re-exploiting vulnerabilities. CrowdStrike found threat actors circumventing patches and sidestepping mitigations throughout the year.

The report states that “the CrowdStrikeFalcon OverWatch team measures breakout time — the time an adversary takes to move laterally, from an initially compromised host to another host within the victim environment. The average breakout time for interactive eCrime intrusion activity declined from 98 minutes in 2021 to 84 minutes in 2022.”

CISOs and their teams need to respond more quickly, as the breakout time window shortens, to minimize costs and ancillary damages caused by attackers. CrowdStrikes advises security teams to meet the 1-10-60 rule: detecting threats within the first minute, understanding the threats within 10 minutes, and responding within 60 minutes…

Read Full Article: Venture Beat

Tosin Vaithilingam
Navigating Economic Uncertainty: Strategies for IT Leaders and MSPs Lately, it seems that each day brings news of more economic uncertainty. Companies that have been navigating the pandemic for the past two and a half ...
Gary Bernstein
Common DevOps Misconceptions 86% of businesses say it’s important for their company to develop and produce new software fast to win market share and beat the competition, Harvard Business Review reveals. Yet, just 10% of businesses ...
David Discenza
Four Ways to Improve Cybersecurity (Updated: December 9th, 2022 ) Cyber-attacks on businesses have become common place. In fact, it’s estimated that a cyber-attack occurs every 39 seconds. Who are the targets of these attacks? ...
Mark Ardito
OPEX is the new battleground I recently wrote in CloudTweaks about how cloud is forcing CIOs to work more closely with their C-suite colleagues to sell the benefits and its role as a business driver ...
Gary Bernstein
WordPress Website Security You've spent time, effort, and money building your website, so don't let it become outdated and run-down by not taking proper care of it. Here are tips on WordPress Website security, speed, ...
Get Smarter
Higher Education A big challenge for professionals of all ages is time. Balancing the responsibilities of work and life leave little time for self-improvement in the form of education. But ongoing education is more than ...
Drew Firment
Stop Focusing on Cloud Adoption and Start Focusing on Cloud Maturity For the past several years, most organizations have made it their priority to shift much of their applications and data from on-premises to the ...
Metasploit-Penetration-Testing-Software-Pen-Testing-Security
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...
Holiday Access.png
Disaster Recovery Plan.png
The Report.png
Data Bed.png

PLURALSITE

Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization. 

(ISC)²

(ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees.

CYBRARY

CYBRARY Open source Cyber Security learning. The world's largest cyber security community. Cybrary provides free IT training certificates. Courses for beginners, intermediates, and advanced users are available.