Cybersecurity services provider CrowdStrike said today in its new 2023 Global Threat Report that it saw a sharp rise in cyberattacks on cloud environments and an uptick in China-nexus attacks in 2022.
One of the key findings from the report released today was a 95 percent increase in cloud exploitation. The firm said the number of “cloud-conscious” threat actors nearly tripled in 2022, which it called “more evidence adversaries are increasingly” targeting cloud environments.
“Throughout 2022, cloud-conscious actors deployed a variety of tactics, techniques and procedures (TTPs) to exploit cloud environments,” the report says, adding that “CrowdStrike Intelligence observed actors continuing to rely on valid cloud accounts but also increasingly looking to public-facing applications for initial access.”
“More actors were seen moving toward cloud account discovery, compared to the heavier reliance on cloud infrastructure discovery observed in 2021,” the firm said. “Actors were also identified using valid higher-privileged accounts for privilege escalation in 2022.”
“Notably, in terms of defense evasion tactics, CrowdStrike Intelligence saw actors shift away from the deactivation of antivirus and firewall technologies, as well as from log-tampering efforts,” the report says. “Instead, they were observed seeking ways to modify authentication processes and attack identities.”
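The three behaviours quoted above (valid-account use, a shift toward cloud account discovery, and modification of authentication processes) all leave traces in a cloud provider's audit log. The following is an added example, not code from the CrowdStrike report or from this article, showing one way a defender can surface them: it parses constructed CloudTrail-style JSON records (the log lines, user names and IP address are invented for the example) and flags (1) a burst of account-discovery API calls from a single principal and (2) any call that changes another identity's authentication material. The sets of API names and the five-minute/four-call burst threshold are assumptions chosen for illustration and should be tuned to the environment.

```python
"""Flag cloud-account discovery bursts and authentication changes in
constructed CloudTrail-style audit records (added example, not from the
original article or the CrowdStrike report)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: these AWS IAM API names stand in for "cloud account discovery"
# and "modifying authentication processes"; other providers need their own lists.
DISCOVERY_ACTIONS = {"ListUsers", "ListRoles", "ListGroups",
                     "GetAccountAuthorizationDetails", "ListAccessKeys"}
AUTH_MODIFY_ACTIONS = {"CreateAccessKey", "CreateLoginProfile", "UpdateLoginProfile",
                       "DeactivateMFADevice", "DeleteVirtualMFADevice",
                       "UpdateSAMLProvider", "AttachUserPolicy"}

def _rec(time, name, user, params=None):
    return json.dumps({"eventTime": time, "eventName": name,
                       "userIdentity": {"userName": user},
                       "sourceIPAddress": "203.0.113.10",
                       "requestParameters": params or {}})

# Constructed sample log (newline-delimited JSON). "dev-user" enumerates the
# account in under two minutes, then creates an access key for another user;
# "admin-bot" performs routine, spaced-out listing and resets its own password.
CONSTRUCTED_LOG = "\n".join([
    _rec("2022-06-01T09:00:00Z", "ListUsers", "admin-bot"),
    _rec("2022-06-01T09:30:00Z", "ListUsers", "admin-bot"),
    _rec("2022-06-01T10:00:05Z", "ListUsers", "dev-user"),
    _rec("2022-06-01T10:00:20Z", "ListRoles", "dev-user"),
    _rec("2022-06-01T10:00:41Z", "ListGroups", "dev-user"),
    _rec("2022-06-01T10:01:10Z", "GetAccountAuthorizationDetails", "dev-user"),
    _rec("2022-06-01T10:01:30Z", "ListAccessKeys", "dev-user", {"userName": "svc-deploy"}),
    _rec("2022-06-01T10:02:02Z", "CreateAccessKey", "dev-user", {"userName": "svc-deploy"}),
    _rec("2022-06-01T11:15:00Z", "UpdateLoginProfile", "admin-bot", {"userName": "admin-bot"}),
    _rec("2022-06-01T12:00:00Z", "DescribeInstances", "dev-user"),
])

def parse_events(ndjson):
    """Turn newline-delimited audit records into sorted, flattened events."""
    events = []
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append({
            "time": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
            "action": rec["eventName"],
            "actor": rec.get("userIdentity", {}).get("userName", "<unknown>"),
            "target": (rec.get("requestParameters") or {}).get("userName"),
        })
    return sorted(events, key=lambda e: e["time"])

def detect_discovery_bursts(events, window=timedelta(minutes=5), threshold=4):
    """Return {actor: peak_count} for principals whose discovery calls within
    any sliding window of length `window` reach `threshold`."""
    per_actor = defaultdict(list)
    for e in events:
        if e["action"] in DISCOVERY_ACTIONS:
            per_actor[e["actor"]].append(e["time"])   # already time-ordered
    bursts = {}
    for actor, times in per_actor.items():
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1                             # slide window forward
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[actor] = peak
    return bursts

def detect_auth_modifications(events):
    """Return every authentication-material change, marking whether the
    principal acted on an identity other than its own."""
    findings = []
    for e in events:
        if e["action"] in AUTH_MODIFY_ACTIONS:
            target = e["target"] or e["actor"]         # no userName => self
            findings.append({"actor": e["actor"], "action": e["action"],
                             "target": target,
                             "cross_identity": target != e["actor"]})
    return findings

if __name__ == "__main__":
    evs = parse_events(CONSTRUCTED_LOG)
    print("discovery bursts:", detect_discovery_bursts(evs))
    for f in detect_auth_modifications(evs):
        print("auth change:", f)
```

On the constructed log only `dev-user` trips the discovery-burst rule (five listing calls in under two minutes), and the `CreateAccessKey` against `svc-deploy` is the one cross-identity authentication change; `admin-bot`'s spaced-out listing and self-service password update are reported as context but not as a burst. In production the same logic would read from the audit-log stream rather than an inline string, and the cross-identity flag is the one worth alerting on first because it matches the "valid higher-privileged accounts for privilege escalation" pattern the report describes.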
The report also finds an increase in the share of malware-free attacks in 2022, to 71 percent from 62 percent in 2021, which it says shows “how sophisticated human adversaries [are] increasingly looking to evade antivirus protection and outsmart machine-only defenses.”
The report also notes an increase in the number of threats and adversaries tracked over the past year, driven by global events including Russia’s invasion of Ukraine and growth in the number of China-nexus adversaries.
“The past 12 months brought a unique combination of threats to the forefront of security. Splintered eCrime groups re-emerged with greater sophistication, relentless threat actors sidestepped patched or mitigated vulnerabilities, and the feared threats of the Russia-Ukraine conflict masked more sinister and successful traction by a growing number of China-nexus adversaries,” stated Adam Meyers, head of intelligence at CrowdStrike.
Other findings include foreign adversaries “re-weaponizing and re-exploiting vulnerabilities,” including Log4Shell.
“Log4Shell continued to ravage the internet, while both known and new vulnerabilities, like ProxyNotShell and Follina – just two of Microsoft’s 28 zero days and 1,200 patches – were broadly exploited as nation-nexus and eCrime adversaries circumvented patches and side-stepped mitigations,” the report says.
The report also highlights the following findings.
- 112% year-over-year increase in access broker advertisements on the dark web;
- 33 new adversaries introduced – the biggest increase CrowdStrike has ever observed in one year;
- Average eCrime breakout time is now 84 minutes;
- The cyber impact of the Russia-Ukraine war was overhyped but not insignificant; and
- An uptick in social engineering tactics targeting human interactions.