Threat actors move beyond ransomware to exploit new (and old) techniques
Cybercrime actors are shifting away from ransomware to new, innovative techniques, according to the latest CrowdStrike Global Threat Report released today.
The report shows 71 percent of attacks detected in the last year were malware-free (up from 62 percent in 2021), and interactive intrusions (hands-on-keyboard activity) increased 50 percent in 2022. This shows how sophisticated human adversaries are increasingly looking to evade antivirus protection and outsmart machine-only defenses.
There's also been a 112 percent year-on-year increase in access broker advertisements on the dark web -- illustrating the value of and demand for identity and access credentials in the underground economy.
Cloud exploitation also grew by 95 percent and the number of 'cloud-conscious' threat actors nearly tripled year-on-year as adversaries are increasingly targeting cloud environments.
There's evidence too that adversaries are re-weaponizing and re-exploiting vulnerabilities. Log4Shell has continued to ravage the internet, while both known and new vulnerabilities, like ProxyNotShell and Follina -- two of Microsoft's 28 zero-days and 1,200 patches -- have been broadly exploited as nation-state and crime adversaries circumvented patches and sidestepped mitigations.
"The past 12 months brought a unique combination of threats to the forefront of security. Splintered eCrime groups re-emerged with greater sophistication, relentless threat actors sidestepped patched or mitigated vulnerabilities, and the feared threats of the Russia-Ukraine conflict masked more sinister and successful traction by a growing number of China-nexus adversaries," says Adam Meyers, head of intelligence at CrowdStrike. "Today's threat actors are smarter, more sophisticated, and more well resourced than they have ever been in the history of cybersecurity. Only by understanding their rapidly evolving tradecraft, techniques and objectives -- and by embracing technology fueled by the latest threat intelligence -- can companies remain one step ahead of today's increasingly relentless adversaries."
CrowdStrike Intelligence has added 33 newly tracked adversaries, bringing the total number of known adversaries tracked to more than 200. More than 20 of the new additions are 'SPIDERS', the CrowdStrike naming convention for eCrime adversaries.
The full report is available from the CrowdStrike site.