2024 CrowdStrike Global Threat Report: From Breakout to Breach in Under Three Minutes; Cloud Infrastructure Under Attack

Rhea-AI Summary

CrowdStrike (CRWD) releases the 2024 Global Threat Report highlighting a surge in cyberattacks exploiting stolen credentials and the use of generative AI. Key findings include a dramatic increase in attack velocity, a spike in stealthy attacks using compromised credentials, and the exploitation of generative AI for cyber activities in 2024.

Positive

• CrowdStrike's 2024 Global Threat Report reveals a surge in cyberattacks leveraging stolen identity credentials.
• The report highlights a dramatic increase in attack velocity, with the average breakout time decreasing to 62 minutes.
• Adversaries are increasingly using stolen credentials for interactive intrusions and hands-on-keyboard activities.
• Cloud intrusions have increased by 75%, posing a challenge for defenders to differentiate between normal and malicious user behavior.
• Nation-state actors and hacktivists are experimenting with generative AI to democratize attacks and lower the barrier of entry for more sophisticated operations.
• More than 40 democratic elections scheduled in 2024 are at risk of disruption by nation-state and eCrime adversaries.
• CrowdStrike emphasizes the need for organizations to adopt a platform-approach fueled by threat intelligence and hunting to protect against evolving threats.
• CrowdStrike's AI-native XDR Falcon platform combines threat intelligence, human-led analysis, and technology to accelerate investigations and stop breaches.

Negative

• None.

Cybersecurity Analyst

The findings of the CrowdStrike Global Threat Report are indicative of a rapidly evolving cyber threat landscape. The reduction in breakout time to an average of 62 minutes is particularly alarming. This metric, which measures the time it takes for an intruder to move laterally within a network after initial compromise, suggests that adversaries are becoming more efficient at navigating compromised systems. Organizations must therefore enhance their detection capabilities and response times to mitigate such risks.

The 60% increase in hands-on-keyboard activity and the exploitation of stolen credentials underscore the need for robust identity and access management solutions. The shift in focus towards cloud environments is also significant. With a 75% overall increase in cloud intrusions, it's clear that security measures must evolve in tandem with technology adoption, emphasizing the importance of cloud security expertise and solutions.

Lastly, the potential use of generative AI by adversaries represents a novel challenge. The ability to create sophisticated phishing campaigns or disinformation at scale could greatly enhance the effectiveness of cyberattacks. Organizations must stay abreast of these developments and invest in AI-driven security tools that can adapt to and counter such advanced tactics.

Political Risk Analyst

The report's focus on the disruption of global elections through cyber means carries significant implications for political stability and the integrity of democratic processes. The anticipated use of mis- and disinformation by nation-state actors to influence elections and public opinion is a pressing concern. It not only affects the targeted countries but also has repercussions for international relations and market stability.

Businesses operating in regions with upcoming elections may face heightened risks, including sanctions, regulatory changes, or shifts in consumer sentiment due to political upheaval. Companies should assess their exposure to such geopolitical risks and consider strategies for risk mitigation, such as diversifying markets or enhancing cybersecurity measures to protect against election-related cyber threats.

Cloud Security Specialist

The CrowdStrike report's emphasis on the increase in cloud intrusions is a critical observation for businesses increasingly dependent on cloud infrastructure. The 110% Year-over-Year amplification in cloud-conscious cases reflects the necessity for a paradigm shift in how cloud security is approached.

Traditional perimeter-based security models are inadequate for the cloud, where user credentials can provide direct access to vast amounts of data and resources. The difficulty in distinguishing between legitimate and malicious user behavior in the cloud necessitates advanced monitoring and analytics, as well as robust incident response protocols. As organizations continue to migrate to cloud services, they must prioritize the implementation of multi-factor authentication, zero-trust frameworks and continuous monitoring to safeguard their assets.

Report indicates adversaries seek to disrupt global elections and exploit generative AI technology

AUSTIN, Texas--(BUSINESS WIRE)-- CrowdStrike (Nasdaq: CRWD) today announced the findings of the 2024 CrowdStrike Global Threat Report, highlighting a surge in adversaries leveraging stolen identity credentials to exploit gaps in cloud environments and maximize the stealth, speed and impact of cyberattacks. The report also details the biggest threats on the horizon for 2024, including the disruption of global elections and the exploitation of generative AI to lower the barrier of entry and launch more sophisticated attacks.

In the 10th annual edition of the cybersecurity leader’s seminal report, CrowdStrike highlights activity from some of the 230+ prolific threat groups that it tracks today. Key findings in the 2024 report include:

• Dramatic Increase in Attack Velocity: The speed of cyberattacks continues to accelerate at an alarming rate. The report indicates that the average breakout time is down to only 62 minutes from 84 in the previous year (with the fastest recorded attack coming in at 2 minutes and 7 seconds). Once initial access was obtained, it took only 31 seconds for an adversary to drop initial discovery tools in an attempt to compromise victims.
• Stealthy Attacks Spike as Adversaries Compromise Credentials: The report notes a sharp increase in interactive intrusions and hands-on-keyboard activity (60%) as adversaries increasingly exploit stolen credentials to gain initial access at targeted organizations.
• Adversaries Follow as Business Moves to the Cloud: Adversaries turned their sights to the cloud through valid credentials – creating a challenge for defenders looking to differentiate between normal and malicious user behavior. The report shows cloud intrusions increased by 75% overall with cloud-conscious cases amplifying by 110% Year-over-Year.
• The Exploitation of Generative AI on the Horizon: In 2023, CrowdStrike observed nation-state actors and hacktivists experimenting with and seeking to abuse generative AI to democratize attacks and lower the barrier of entry for more sophisticated operations. The report highlights how generative AI will likely be used for cyber activities in 2024 as the technology continues to gain popularity.
• Disrupting Democracy by Targeting Global Elections: With more than 40 democratic elections scheduled in 2024, nation-state and eCrime adversaries will have numerous opportunities to disrupt the electoral process or sway voter opinion. Nation-state actors from China, Russia and Iran are highly likely to conduct mis- or disinformation operations to sow disruption against the backdrop of geoconflicts and global elections.

“Over the course of 2023, CrowdStrike observed unprecedented stealthy operations from brazen eCrime groups, sophisticated nation-state actors and hacktivists targeting businesses in every sector spanning the globe. Rapidly evolving adversary tradecraft honed in on both cloud and identity with unheard of speed, while threat groups continued to experiment with new technologies, like GenAI, to increase the success and tempo of their malicious operations,” said Adam Meyers, head of Counter Adversary Operations, CrowdStrike. “To defeat relentless adversaries, organizations must embrace a platform-approach, fueled by threat intelligence and hunting, to protect identity, prioritize cloud protection, and give comprehensive visibility into areas of enterprise risk.”

As the cybersecurity consolidator in the AI-era, CrowdStrike pioneered the adversary-focused approach to cybersecurity and provides customers with adversary-driven intelligence, human-led analysis and the groundbreaking technology required to stay ahead of threats. This unique approach combines the unparalleled power of CrowdStrike Falcon® Intelligence with CrowdStrike Falcon® OverWatch’s elite team of threat hunters to fuel the AI-native CrowdStrike XDR Falcon® platform to accelerate investigations, remediate threats and ultimately stop breaches.

Additional Resources

• Download the 2024 CrowdStrike Global Threat Report.
• To learn more about CAO’s new modules, please visit our website.
• Visit CrowdStrike’s Adversary Universe for the internet’s definitive source on adversaries.
• Listen to the Adversary Universe podcast to glean insights into threat actors and recommendations for bolstering security.

About CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/

Follow us: Blog | Twitter | LinkedIn | Facebook | Instagram

Start a free trial today: https://www.crowdstrike.com/free-trial-guide/

© 2024 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240221587143/en/

Kirsten Speas

CrowdStrike Corporate Communications

press@crowdstrike.com

Source: CrowdStrike

FAQ

What does the 2024 CrowdStrike Global Threat Report highlight?

The report highlights a surge in cyberattacks exploiting stolen identity credentials and the use of generative AI.

What is the average breakout time for cyberattacks according to the report?

The average breakout time has decreased to 62 minutes, with the fastest recorded attack coming in at 2 minutes and 7 seconds.

How are adversaries compromising organizations according to the report?

Adversaries are increasingly exploiting stolen credentials for interactive intrusions and hands-on-keyboard activities.

What challenge do defenders face in the cloud environment based on the report?

Defenders struggle to differentiate between normal and malicious user behavior in the cloud environment due to a 75% increase in cloud intrusions.

Which technology are nation-state actors and hacktivists experimenting with for cyber activities?

Nation-state actors and hacktivists are experimenting with and seeking to abuse generative AI to lower the barrier of entry for more sophisticated operations.

How many democratic elections are at risk of disruption in 2024 according to the report?

More than 40 democratic elections scheduled in 2024 are at risk of disruption by nation-state and eCrime adversaries.

What approach does CrowdStrike recommend for organizations to protect against evolving threats?

CrowdStrike recommends organizations to adopt a platform-approach fueled by threat intelligence and hunting.

What does CrowdStrike's XDR Falcon platform combine to combat threats effectively?

CrowdStrike's XDR Falcon platform combines threat intelligence, human-led analysis, and technology to accelerate investigations and stop breaches.