top of page

Insights from Crowdstrike's Annual Threat Report


To avoid EDR/XDR on endpoints, threat actors are turning to other avenues of attack: cloud, network devices and identities are now key parts of the attack surface.


These are the key takeaways from Crowdstrike's recently released annual Global Threat Report (2024 edition) - full version here.


It's a useful in-depth review of threat actor groups operating during 2023, and also a reminder of the currently trending techniques used by adversaries.


Some notes:

  • 32 new adversary groups tracked during 2023, rising the total tracked by Crowdstrike to 232.

  • Cloud aware attacks growing fast, increasingly targeting Microsoft365 environments and other cloud platforms, thus avoiding EDR endpoint detection (see recent example of cloud native attack). They will look to detect, enumerate and navigate cloud environments to harvest valuable proprietary information, and use this in ongoing operations and ransom negotiations.

  • Threat actors have adapted to the enhanced visibility of traditional endpoint EDR sensors by altering their exploitation tactics for initial access and lateral movement. They are now targeting the network periphery and remote access services (SSL-VPN, RDP, etc), typically lacking EDR and often featuring zero-day vulnerabilities. Recent example here.

  • A recurrent theme are identity-based and social engineering attacks. Besides stealing account credentials, adversaries are targeting API keys and secrets (machine or application credentials, see this example.).


Comments


bottom of page