For the sixth consecutive year, the technology vertical was the most frequently targeted interactive intrusion vertical, accounting for 21 per cent of all intrusions recorded between July 2022 to June 2023.
The sector continues to be a high-value target for eCrime adversaries, with big game hunting (BGH) operations posing the most prevalent eCrime threat to the sector. The technology sector’s reliance on and access to highly sensitive data make it an especially attractive target.
The financial industry saw a whopping 80 per cent year-on-year increase in interactive intrusions, which use hands-on keyboard activity, according to Nowhere to Hide, the annual Threat Hunting Report for 2023 prepared by cybersecurity solutions company Crowdstrike.
“In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” Adam Meyers, Head of Counter Adversary Operations, has said.
Across all malicious activity tracked by CrowdStrike, about 71 per cent of intrusions were malware-free. “In a time when adversaries increasingly rely on hands-on-keyboard tactics to achieve their objectives, threat-hunting operations must be informed by today’s best threat intelligence,” Meyers said.
The telecommunications vertical accounted for at least 10 per cent of all intrusion activity in the Asia-Pacific region. A significant proportion of the intrusions against the telecommunications vertical were attributed to suspected China-nexus (PANDA) threat actors, the report said.
“Adversaries are doubling down on identity-based attacks, with 62 per cent of interactive intrusions involving the abuse of valid accounts. There was a 160 per cent increase in attempts to gather secret keys and other credentials via cloud instance metadata APIs,” the report said.
There was an increase of nearly six times in Kerberoasting attacks, yet another technique adversaries can abuse to obtain valid credentials for Active Directory service accounts, often providing actors with higher privileges and allowing them to remain undetected in victim environments for longer periods of time.
During the period, adversary breakout time hit an average all-time low of 79 minutes, falling from 84 minutes in 2022, with the fastest breakout of the year coming in at a record of 7 minutes. (Breakout time is the time taken by an intruder to jump from the machine that’s initially compromised and move laterally through your network. It is a critical window to stop a breach.)
The report pointed to a growing expertise by hackers targeting the cloud and three times spike in adversary use of legitimate remote monitoring and management (RMM) tools.
