Cloud intrusions increased by 75 per cent with cloud-conscious cases increasing by 110 per cent year-on-year, according to the latest CrowdStrike 2024 Global Threat Report.
“Throughout 2023, targeted intrusion actors consistently attempted to exploit trusted relationships to gain initial access to organisations across multiple verticals and regions. This type of attack takes advantage of vendor-client relationships to deploy malicious tooling via two key techniques: compromising the software supply chain using trusted software to spread malicious tooling and leveraging access to vendors supplying IT services,” Roland Daccache, senior manager of systems engineering at CrowdStrike, told Khaleej Times in an interview.
Threat actors targeting third-party relationships are motivated by the potential return on investment (ROI). “One compromised organisation can lead to hundreds or thousands of follow-on targets. These stealthy attacks can also more effectively provide an opportunity for attackers seeking to exploit a hardened end target,” Daccache said.
AI’s continuous development will undoubtedly increase the potency of its potential misuse — particularly within the scope of information operations and especially for less digitally literate audiences. “The degree to which popular generative AI tools can be used maliciously will likely adapt over time as companies, tool owners and governments respond to new developments and perceived misuse,” Daccache added.
A particular area of concern is access brokers. These are threat actors who gain and sell access to organisations to facilitate criminal activities. Access brokers analyse organisations’ attack surfaces to find vulnerabilities they can exploit or use sophisticated social engineering techniques to trick employees and steal credentials. The CrowdStrike report states that the number of accesses advertised by access brokers increased by 20 per cent in 2023 compared to 2022. “In 2023, academic, retail, and professional services were the top three targeted sectors according to our report,” Daccache said.
Cyber threats are increasing at an alarming rate due to the widespread use of interactive intrusion techniques. The most frequently targeted industries using this technique were technology, telecommunications, financial and government, the report showed.
Another area of concern is interactive intrusion, which involves cybercriminals impersonating expected user and administrator behavior, making it difficult for defenders to differentiate between legitimate activity and a cyberattack. In 2023, CrowdStrike observed a 60 per cent year-over-year increase in the number of interactive intrusion campaigns, with a 73 per cent increase in the second half compared to 2022. The technology sector was most frequently targeted, followed by telecommunications, and financial.
Here are some tips from Daccache on how organisations can protect themselves.
Identity protection is a must-have. Stolen credentials grant cybercriminals swift access and control — an instant gateway to a breach.
Prioritise cloud-native application protection platforms (CNAPPs) as they provide a unified platform that simplifies monitoring, detecting and acting on potential cloud security threats.
Invest in a unified security platform with AI capabilities so that your organisation has complete visibility in one place and can easily control their operations.
Build a cybersecurity culture by training and encouraging employees to identify gaps and eliminate weaknesses in your cybersecurity practices and response.
Leverage efficient cybersecurity solutions because it takes adversaries an average of 62 minutes — and the fastest only 2 minutes — to move laterally.