A new report released today by CrowdStrike Holdings Inc. warns of a surge in adversaries leveraging stolen identify credentials to exploit gaps in cloud environments and to maximize the steal, speed and impact of cyberattacks.

The 10th annual 2024 CrowdStrike Global Threat Report delves into data from 2023 and the biggest threats on the horizon in 2024, including the exploitation of generative artificial intelligence to lower the barrier of entry to launch more sophisticated attacks.

In 2023, CrowdStrike observed a dramatic increase in attack velocity, with the speed of cyberattacks accelerating at what the report describes as an alarming rate. The average breakout time — the interval an attacker requires to extend their reach from the initially compromised entry point to other parts of the network after infiltration — fell to 62 minutes in 2023 versus 79 minutes in 2022.

The fastest attack in 2023 was recorded at two minutes and seven seconds. Once initial access was obtained, it took only 31 seconds for an adversary to drop initial discovery tools in an attempt to compromise victims.

2023 saw an increase in stealthy attacks as adversaries continued to compromise credentials. The report notes a 60% increase in interactive intrusions and hands-on-keyboard activity. Interactive intrusions and hands-on-keyboard activity refer to cyber attacks where the attacker actively engages with the compromised system in real time, directly executing commands, moving laterally across the network and adapting their tactics as needed based on the environment and defenses they encounter.

Stolen credentials were also popular among adversaries when it comes to accessing the cloud, with cloud intrusions up by 75% overall last year. Cloud-conscious cases, security incidents or considerations specifically focused on cloud environments, were up 110% year-over-year.

Any report about cybersecurity in 2023 will mention generative AI and CrowdStrike’s report is no different, but where it gets interesting is who is using the technology. In 2023, CrowdStrike observed nation-state actors and hacktivists experimenting with and seeking to abuse generative AI to democratize attacks and lower the barrier of entry for more sophisticated operations.

“Over the course of 2023, CrowdStrike observed unprecedented stealthy operations from brazen eCrime groups, sophisticated nation-state actors and hacktivists targeting businesses in every sector spanning the globe,” Adam Meyers, head of counter adversary operations at CrowdStrike, explains. “Rapidly evolving adversary tradecraft honed in on both cloud and identity with unheard-of speed, while threat groups continued to experiment with new technologies, like gen AI, to increase the success and tempo of their malicious operations.”

Image: CrowdStrike