Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

CrowdStrike reports growth in Chinese cyber attacks within the APJ region

Threats facing the Asia-Pacific and Japan (APJ) region are growing substantially, with attackers hitting faster and harder thanks to technological developments, according to new research from cyber security technology company CrowdStrike.

user icon Daniel Croft
Wed, 09 Aug 2023
Crowdstrike reports growth in Chinese cyber attacks within the APJ region
expand image

With its sixth annual edition, the CrowdStrike 2023 Threat Hunting Report, CrowdStrike has identified growing threat trends within the region, including a growth in Chinese cyber adversaries within the region and a decrease in adversary breakout time.

“In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” said Adam Meyers, head of counter adversary operations at CrowdStrike.

A key area of growth in the region was the interest from Chinese cyber actors. According to the report, Chinese threat actors have reported a total of 14 different industry types, compared to six in the US and two in Europe, the Middle East and Africa (EMEA region).

============
============

Overall, the most targeted industry by threat actors worldwide was the technology industry, making up over a quarter of all attacks (26 per cent). Following that were telcos at 12 per cent, retail at 11 per cent, financial services at 8 per cent and manufacturing at 7 per cent.

The financial industry saw a clear increase, reporting an 80 per cent year-on-year increase in interactive intrusions, which are intrusions in which the threat actor uses hands-on tactics and keyboard activity. Worldwide, attacks of this kind increased 40 per cent overall.

CrowdStrike found that the time taken for a threat actor to go from an initial breach to accessing other elements of a victim’s systems (also known as adversary breakout) had decreased to a record low of 79 minutes, beating last year’s all-time low of 84 minutes.

The fastest adversary breakout time was recorded at seven minutes, showing that hackers are getting much more fast and adept.

“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster, and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes,” added Meyers.

A reason behind the growth in cyber incidents is likely connected to the growth in Access Broker advertisements, in which threat actors advertise access to valid accounts, and list them for sale to be used by other threat actors. This lowers the barrier to entry into cyber crime, expanding the number of criminals and increasing the efficiency of their attacks.

Access Broker advertisements saw a massive 147 per cent increase as threat actors marketed stolen accounts on the dark web and criminal communities.

On top of that, with technological advancements assisting threat actors just as much as our security experts, CrowdStrike found that a handful of tools came up repeatedly in reports of cyber attacks within the region.

AnyDesk, PsExec and NetScan were all spotted being used in interactive intrusions.

AnyDesk, a remote monitoring and management tool, took the crown for the most used tool, followed by PsExec, which provides remote execution capabilities, and NetScan, a scanning tool for collecting system information.

Custom web shells made up 13 per cent of all intrusions and were frequently used by Chinese threat actors.

Crowdstrike’s 2023 Threat Hunting Report is available now and can be found on its website.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.