The must-read cybersecurity report of 2023
By: George Kurtz - CEO and Co-Founder of CrowdStrike
The latest edition of the CrowdStrike Global Threat Report comes at an important time for protectors around the world. As organizations focus on managing remote and hybrid teams, operationalizing years of digital transformation and navigating an uncertain global economy, adversaries have become more sophisticated, relentless and damaging in their attacks. As a result, a number of disruptive trends emerged in 2022 that threaten productivity and global stability.
The year started ominously as Russia’s deadly war of aggression in Ukraine brought about a terrible human toll, threatened international order and put countless global organizations at risk of spillover cyberattacks. At the same time, China state-nexus adversaries ramped up their cyber espionage campaigns, and Iranian actors launched destructive “lock-and-leak” operations using ransomware.
These growing nation-state attacks coincided with organizations struggling to manage an explosive landscape of vulnerabilities that amplified systemic risk. The constant disclosure of vulnerabilities affecting legacy infrastructure like Microsoft Active Directory continued to burden security teams and present an open door to attackers, while the ubiquitous Log4Shell vulnerability ushered in a new era of “vulnerability rediscovery,” during which adversaries modify or reapply the same exploit to target other similarly vulnerable products.
Even our wins on the security front were tempered by the adversaries’ ability to adapt. Collaboration between the government and private sector dramatically improved, resulting in the arrest and dismantling of some of the world’s most notorious ransomware gangs — only to see splinter groups recalibrate and flourish.
Stopping breaches requires an understanding of the adversary, including their motivations, techniques and how they’re going to target your organization. Developed based on the firsthand observations of our elite cyber responders and analysts, CrowdStrike’s annual Global Threat Report provides this actionable intelligence to protectors around the world.
Last year, CrowdStrike’s Global Threat Report highlighted that 80% of cyberattacks leveraged identity-based techniques to compromise legitimate credentials and try to evade detection. This year, the report shows adversaries are doubling down on stolen credentials, with a 112% year-over-year increase in advertisements for access-broker services identified in the criminal underground. Organizations armed with this knowledge last year were able to harden their defenses and stay a step ahead of the adversary.
Other details and insights you’ll learn from this year’s report include:
- How a new, emerging class of eCrime threat actors is using fileless attacks to target high-profile organizations with devastating campaigns
- Why identity protection continues to be a core requirement for risk mitigation as adversaries ramp up attacks on multifactor authentication
- Why adversaries are accelerating cloud exploitation and the tactics they’re using to compromise cloud infrastructure
- How adversaries have created a new “state of the art” for vulnerability exploitation to sidestep patches and why the industry needs to demand more secure software
These are just a few of the critical takeaways from this year’s report that will help you improve your business resilience and harden your security posture.
The report shows that security must parallel the slope of technology innovation. As technology matures, security has to mature and match the innovation of the technology running our organizations. The same thing can be said for the adversary. With every innovation we achieve, we can expect the adversary to actively seek ways to exploit it. From the cloud to Kubernetes, from AI to applications, and more, as technology gets more complex and provides tremendous operational gains, security must evolve to protect the productivity we gain.
At CrowdStrike, our mission today is the same as when we started: to stop breaches so our customers can move forward. Our focus is on delivering the platform, technology and intelligence needed to keep you ahead of the adversary. This is why we’ve unified and delivered critical protections like endpoint and extended detection and response (EDR and XDR), identity threat protection, cloud security, vulnerability and risk management, threat intelligence and much more — all from a single platform.
I hope you find this report instructive in how we can continue to work together to protect the world from those who mean to do harm. Security starts with knowledge — of the adversaries targeting us, their tactics and the vulnerabilities they’ll seek to exploit. With that knowledge comes resolve, that together we can prevail.
The 2022 cyber threat landscape was defined by persistence, increased target scope and relentless determination. As businesses began to ease pandemic-driven operating environments and adjust to geopolitical shifts and growing economic hardships, adversaries supporting nation-state, eCrime and hacktivist motivations started 2022 with a relentless show of effort that endured throughout the year.
Nation-state adversaries engaged in relentless computer network operations throughout 2022, emphasizing the integral role these operations play in supporting state goals. Russian state-nexus adversaries combined destructive, espionage and information operations (IO) attacks in constant support of the Ukraine war, and China state-nexus adversaries dominated the cyber threat landscape with a significant increase in espionage operation volume and target scope. Iran continued to focus on regional espionage campaigns and their now-signature destructive “lock-and-leak” operations leveraging ransomware, and Democratic People’s Republic of Korea (DPRK) state-nexus adversaries persisted in cryptocurrency theft campaigns to supplement state funds in the wake of the COVID-19 pandemic and the nation’s long-standing economic hardship.
Over the course of 2022, eCrime adversaries continued to prove their ability to adapt, splinter, regroup, and flourish in the face of defensive measures. After some of the biggest and most notorious ransomware enterprise shutdowns, ransomware affiliates moved to new ransomware-as-a-service (RaaS) operations. Additionally, more than 2,500 advertisements for access were identified across the criminal underground, representing a 112% increase compared to 2021 and demonstrating a clear demand for access broker services.
CrowdStrike Intelligence also observed an increase in social engineering using human interaction, such as vishing, to successfully download malware or circumvent multifactor authentication (MFA), proving direct interaction with victims remains a valuable asset to eCrime operations.
Hacktivists in 2022 embraced an environment of misinformation, capitalizing on major geopolitical shifts to relentlessly stoke national unrest and promote specific ideologies. While much of their activity concentrated on entities within the Russo-Ukrainian region, increased spillover activity involving the targeting of near-abroad, European and U.S. entities occurred throughout the latter half of 2022 into 2023.