CrowdStrike Threat Hunting Report 2024 shows adversaries are taking a more holistic approach

According to Adam Meyers, SVP of Counter-Adversary Operations at CrowdStrike, cyber threat actors now look at the target in a more holistic way rather than focusing only on the endpoint. Identity-based stealth attacks also stand out: perpetrators use valid credentials to increase their capabilities and evade detection.

The CrowdStrike Threat Hunting Report 2024 is based on threat intelligence (obtained from the CrowdStrike Falcon platform) gathered over the last 12 months (from July 1, 2023 to June 30, 2024), along with the expertise of the vendor’s OverWatch team. This time, the report indicates that adversaries continue to innovate their tactics and expand the use of proven techniques. To further challenge defenders, adversaries are expanding the scope of their attacks and moving across multiple domains, including identity, cloud and endpoint, making their activity increasingly difficult to detect.

In this regard, Adam Meyers, SVP of Counter-Adversary Operations at CrowdStrike, commented: “This means that cyber threat actors look at the target more comprehensively, not only focusing on the endpoint. This means, from a defensive point of view, that we must immunize against different domains in order to identify these attacks more effectively”.

In addition, Meyers highlighted another relevant statistic: “We did a heat map of all the MITRE tactics we’ve seen in the last year, and half of them were based on identity. That means that cyber threat actors actually adopted identity-based attacks to increase their capabilities and avoid detection”.

“From a sectoral point of view, there is a general increase,” said Meyers. “Here we see that in almost all verticals we tracked, the frequency of attacks increased in the last year. The Technology vertical is number one for the seventh consecutive year in terms of number of attacks (increased by 60%)”. Another highly vulnerable sector is healthcare. Interactive intrusions related to electronic crime against the health sector increased by 75 per cent. The abundance of sensitive financial and health information makes the health sector an increasingly popular target for cyber threat actors.

“Selective intrusions, particularly in the Consulting and Professional Services sector, have increased by 141 per cent. The explanation is that these actors really seek to maximize return on investment. By attacking a professional services or consultancy organisation they can exploit the relationship of trust that they have with their clients”, Meyers said.

Other findings from the report:

  • Interactive intrusions increased by 55%. During interactive intrusions, cyber threat actors actively access the victim’s environment to execute commands. Interactive intrusions are often more sophisticated and more difficult to detect than automated attacks.
  • 86% of all interactive intrusions were attributed to electronic crime activity. This highlights the increasing threat posed by cyber threat actors seeking financial gain.
  • The use of remote monitoring and management (RMM) tools by adversaries increased by 70%, and 27% of all interactive intrusions used RMM tools. ConnectWise ScreenConnect overtook AnyDesk and became the most widely used RMM tool.