New data from CrowdStrike paints a picture of a rapidly changing cyber security threat landscape as hackers get faster and more creative.
In the last 12 months, hackers have managed to speed up their activity at an alarming rate.
We’re not talking about more attacks, but about individual attacks that are themselves faster. According to CrowdStrike’s 10th annual Global Threat Report, the breakout time of an attack – the time it takes for a threat actor to gain initial access to a network – has decreased from 84 minutes in 2022 to just 62 minutes in the last 12 months.
And once in, it takes only 31 seconds – 31 seconds! – for an attacker to start deploying tools to explore the compromised network.
Worryingly, the fastest-known attack in the last 12 months took only two minutes and seven seconds from the initial attempt to actual network access.
Attackers are also becoming sneakier and more capable of interactive intrusions – attacks that rely more upon the wits of the attacker to exploit stolen credentials and blend in on a network rather than simply deploying malware and letting it do the work. There’s been a 60 per cent increase in this flavour of activity.
Similarly, as organisations move to the cloud, so do threat actors. Cloud intrusions increased by 75 per cent over the last year.
But perhaps the most worrying threat is not how hackers are adapting to a changing environment but rather what they may be targeting in the year ahead. CrowdStrike notes that more than 40 democratic elections are looming in 2024, a circumstance that criminals and nation-state actors are likely to take advantage of, disrupting processes or even changing the way people vote through disinformation campaigns powered by AI deepfakes.
China, Iran, and Russia are called out as particularly dangerous actors in this regard.
“Over the course of 2023, CrowdStrike observed unprecedented stealthy operations from brazen e-crime groups, sophisticated nation-state actors and hacktivists targeting businesses in every sector spanning the globe. Rapidly evolving adversary tradecraft honed in on both cloud and identity with unheard-of speed, while threat groups continued to experiment with new technologies, like GenAI, to increase the success and tempo of their malicious operations,” said Adam Meyers, head of counter adversary operations at CrowdStrike, in a statement.
“To defeat relentless adversaries, organisations must embrace a platform approach, fuelled by threat intelligence and hunting, to protect identity, prioritise cloud protection, and give comprehensive visibility into areas of enterprise risk.”
You can read the full report here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.