A look at the newest Global Threat Report from CrowdStrike reminds businesses that the cyber landscape is always changing. Cyber criminals are switching up their tactics, trying to sidestep the latest protections businesses and security professionals have put in place. For a business, it can feel like you’re facing threats from every direction. But top cybersecurity experts are on the job.
The 2023 Global Threat Report is full of new and interesting insights. Here’s a look at what some of the world’s top cyber experts say about the state of cyber security in 2023.
2,500 Hacks for Sale
Persistence, determination and a broadening scope of targets — that’s how CrowdStrike describes the attitude of cyber criminals active in 2023. One of the ways this plays out is cyber criminals offering their services to other would-be criminals online. Think ransomware as a service or hacks for sale.
The report from CrowdStrike says more than 2,500 such advertisements for “access broker services” were identified across the criminal underground in 2022. It’s a 112% year-over-year increase from 2021, which CrowdStrike says suggests a rising demand for hackers.
33 New Adversaries
There aren’t only more cyber attacks taking place, there are more cyber attackers joining the party. As a top player in the cyber threat intelligence industry, CrowdStrike keeps tabs on a large number of cyber crime adversaries. That’s because most threat actors don’t hack one business and disappear. Instead, they commit multiple hacks, first against one company, and then another and another, with activities lasting months or years.
Last year, CrowdStrike identified 33 new hacking adversaries that were not previously known. Added to previously identified actors, the total number of active cyber criminal entities being tracked rises to more than 200.
3 High-Profile Hits
Most criminals prefer not to draw a lot of attention to themselves, knowing that when they do, they are more likely to face consequences. In cybercrime, these consequences are most often takedowns facilitated by law enforcement, criminal arrests and even extraditions across international borders to face serious charges. Yet last year, several cybercriminal hacking groups chose to voluntarily enter the spotlight.
CrowdStrike termed one such group Slippy Spider. This group targeted three global technology giants, namely Microsoft, Nvidia and Samsung, with high-profile data theft and extortion hits. The group leaked some of the stolen data in Telegram channels, including the companies’ source code, employee credentials and personally identifiable information, and sent high ransom demands in exchange for not leaking the rest of it.
2 Key Credential Targets
Another criminal group CrowdStrike identified has been named Scattered Spider. In 2022, this group conducted targeted social engineering campaigns against firms specializing in both customer relationship management and business process outsourcing. With credentials from these two critical business sectors, the hacking group was then able to access the third-party computer systems of these sectors’ business clients.
The social engineering campaigns used tricks to capture the bona fide credentials of employees, including VPN credentials, network device logins and even authentication keys for the enterprise-level secure access tool Okta. Once employee credentials were compromised, these firms’ business customers were targeted for SIM swapping scams, cryptocurrency theft and more.
95% More Cloud Attacks
In 2021, CrowdStrike predicted that exploitation of cloud computing would increase as more businesses moved more of their operations to cloud environments. This prediction turned out to be true. Cloud exploitation cases increased 95%, year over year, while cyber criminals known to have technological knowledge of how to exploit cloud vulnerabilities nearly tripled.
The report says both criminals and nation-state actors are exploiting cloud weaknesses. Sometimes valid accounts are used, but public-facing software applications can also be exploited. Many hackers are growing more confident exploiting cloud vulnerabilities. Additionally, CyberLock Defense predicts more growth in cloud attacks this year.
3 Top Hack Exploits
Cyber criminals use many tricks to gain access to victim computers, but three tricks stood out in 2022. One vulnerability called CVE-2022-29464 was exploited to execute code remotely and gather credentials and configurations. Another was a Log4Shell exploit used to gain access and gather password information related to a cloud hosting platform. A third used a third-party cloud management tool to gain access to Windows endpoints and install executable files on victim devices.
Software patches are supposed to close up these and other vulnerabilities so that they cannot be exploited. However, some hackers discovered that they could even attack the vulnerability patches themselves and easily get around some of them.
2 Big Adversaries
Geopolitics is playing a bigger role in cyber security these days, so it’s no surprise that some cyber attacks and incidents are being attributed to nation-state actors. Two big ones to note are Russia and China. The report notes that Russian cyber operations are supporting the war in Ukraine. In one case, a hack disrupted satellite communications providing connectivity to Ukraine.
Meanwhile, China-based adversaries were scaling up their operations in 2022, according to the report. As many as 39 global industry sectors and 20 geographic regions monitored by CrowdStrike were targeted in 2022. Besides these two big geopolitical players, hacking adversary groups were identified in Iran, Syria and eight other countries.
84 Minutes to Act
CrowdStrike’s research on hackers found that many hacks escalate quickly. The time it takes for a cyber adversary to move from an initial compromised host computer to another part of the same system stands at only 84 minutes. This lateral move makes it much harder to detect what the hacker is doing and kick them out of your systems.
The report notes that the breakout time for cyber criminals’ lateral movement is getting faster. In 2021, the average time was 98 minutes, while 2022’s time was 14 minutes faster. Security professionals have to act fast to prevent serious harm with these kinds of hacks. CrowdStrike recommends a 1-10-60 rule — detect threats within the first minute, understand them within the first 10 minutes and respond to them within 60 minutes.
Take Action With CyberLock Defense
CyberLock Defense can help protect your business from the latest cyber threat actors and their hacking exploits with our industry-leading Cyber Liability Insurance coverage, now available with broad coverage, flexible limit options and more. CyberLock Defense can help cover the cost of data restoration, business interruption, IT forensics, legal expenses, public relations and more.
Discover more benefits of cyber liability insurance for your business today. Visit CyberLockDefense.com or call us at (913) 652-7520.