CrowdStrike at BlackHat: Speed, Interaction, Sophistication of Threat Actors Rising in 2023

As attackers focus on political ends and big payouts, threat hunters need to focus on identity intrusions, access merchants and tactics enabling fast lateral movement.
Adversary breakout time — the time it takes a threat actor to move from the initial point of entry to other systems in a network — hit an average all-time low of 79 minutes, down from 84 minutes last year, with the fastest breakout of the year coming in at a record of seven minutes.
“That is important, because all of your playbooks from the defense side should be determined by how quickly the threat actor is operating,” said Param Singh, vice president of CrowdStrike’s threat monitoring unit Falcon OverWatch. “All blue teamers, including us, need to do things like think about automation and figure out how to stop the fastest threat actor, one moving laterally within seven minutes.” The threat report also showed a 40% year-over-year increase in interactive intrusions, in which an adversary interacts with and executes against a target. The most frequently targeted vertical was technology for the sixth consecutive year, followed by financial, retail, health care and telecommunications sectors (Figure A).
Figure A
“We look at some of the same stats year over year, and we are seeing that for some of these the needle is moving and favoring the threat actors,” said Singh.
CrowdStrike’s report, using data from July 1, 2022, to June 30, 2023, gathered by Falcon OverWatch and revealed this week at the annual Black Hat convention in Las Vegas, also found that:
CrowdStrike also reported that North Korea was the nation-state front of the most aggressive state-sponsored attacks.
Also on the rise are access brokers. The firm reported a 147% increase in access broker advertisements on the dark web, up 35% from 6 months ago.
CrowdStrike also found that, for the sixth consecutive year, the technology sector was the most frequently targeted, with financial second, displacing telecommunications, which is now the third most targeted vertical. North Korean threat groups, aiming to generate currency, were, according to the report, the most aggressive state-sponsored adversaries against the financial sector.
The report found that, while adversaries such as North Korean aligned attackers focus on stealing cryptocurrency or nonfungible tokens (NFTs), the bigger picture is that opportunistic big game hunting (BGH) ransomware and data theft campaigns remain the primary eCrime threat to financial institutions.
The report also points to two sets of adversaries, the Iranian Kitten groups and the Chinese Panda groups, as purveyors of two distinct practices: Kitten adversaries exploit a particular kind of asset, while Panda adversaries are increasingly aiming for breadth, levying attacks against as many targets as possible (Figure B).
Figure B
The technology sector’s reliance on and use of sensitive data make it a BGH target for ransomware and data theft. Other prominent eCrime threats to the technology sector include enabling services, access brokers and information theft campaigns, according to CrowdStrike’s report.
The firm also pointed to some hallmarks of 2023 tactics by threat actors:
Over the past year, Falcon OverWatch observed a 583% increase in a tactic called Kerberoasting, which gives attackers higher privileges and enables lateral movement within a victim’s environment.
Kerberos is an authentication protocol that issues tickets granting access to Active Directory accounts; each account is identified by a unique identifier. Kerberoasting involves the theft of tickets containing credentials associated with those identifiers. Although encrypted, these credentials can be cracked offline.
“It’s not a new technique, but we are seeing it becoming a bigger part of the threat actor playbook,” said Singh. “Once you attack an initial victim, the stolen credentials you used to get onto that machine may not be enough to move laterally and work on your mission. Kerberoasting allows privilege escalation; because it’s an effective way to move laterally, we are seeing this huge spike.”
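Because Kerberoasting shows up as ordinary service-ticket requests, defenders typically hunt for it in Windows Security event 4769 (a Kerberos service ticket was requested) rather than in exploit telemetry. The following is an added illustration, not code from CrowdStrike or the report: it runs a simple detection over constructed 4769-style records, flagging one account that requests RC4-encrypted (0x17) tickets for several distinct service accounts in a short window. The field names, thresholds and sample events are assumptions for the example.

```python
"""Kerberoasting hunt over Windows Security event 4769 records (added example).
Assumption: events are pre-parsed dicts with the fields used below; the window
and service-count thresholds are illustrative tuning knobs, not report numbers."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). One user requesting RC4
# (0x17) tickets for many distinct service accounts within minutes is the
# classic Kerberoasting pattern, since RC4-encrypted tickets crack fastest.
SAMPLE_EVENTS = [
    {"time": "2023-08-09T10:00:05", "user": "jdoe", "service": "svc_sql", "etype": "0x17"},
    {"time": "2023-08-09T10:00:06", "user": "jdoe", "service": "svc_http", "etype": "0x17"},
    {"time": "2023-08-09T10:00:07", "user": "jdoe", "service": "WS01$", "etype": "0x17"},
    {"time": "2023-08-09T10:00:08", "user": "jdoe", "service": "krbtgt", "etype": "0x17"},
    {"time": "2023-08-09T10:00:09", "user": "jdoe", "service": "svc_backup", "etype": "0x17"},
    {"time": "2023-08-09T10:03:00", "user": "asmith", "service": "svc_sql", "etype": "0x12"},
    {"time": "2023-08-09T10:03:30", "user": "asmith", "service": "svc_http", "etype": "0x17"},
    {"time": "2023-08-09T11:00:00", "user": "jdoe", "service": "svc_sql", "etype": "0x17"},
]

WINDOW = timedelta(minutes=5)   # how close together the requests must be
MIN_SERVICES = 3                # distinct service accounts per user per window

def is_candidate(ev):
    """Keep only RC4 tickets for real service accounts: machine accounts ('$')
    and krbtgt produce normal ticket traffic and would just add noise."""
    svc = ev["service"].lower()
    return ev["etype"] == "0x17" and not svc.endswith("$") and svc != "krbtgt"

def detect_kerberoasting(events, window=WINDOW, min_services=MIN_SERVICES):
    """Return one alert per user whose RC4 service-ticket requests cover at
    least `min_services` distinct service accounts inside any `window`."""
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        if is_candidate(ev):
            by_user[ev["user"]].append((datetime.fromisoformat(ev["time"]), ev["service"].lower()))
    alerts = []
    for user, reqs in by_user.items():
        start = 0
        for end in range(len(reqs)):          # sliding window over sorted requests
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            services = {s for _, s in reqs[start:end + 1]}
            if len(services) >= min_services:
                alerts.append({"user": user, "services": sorted(services),
                               "first": reqs[start][0].isoformat(), "last": reqs[end][0].isoformat()})
                break                          # one alert per user is enough for triage
    return alerts
```

In production the same logic would read 4769 events from the domain controllers' Security logs, and the thresholds would be tuned against the environment's normal service-ticket volume.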
Disclaimer: Barracuda Networks paid for my airfare and accommodations for Black Hat 2023.