CrowdStrike 2023 Global Threat Report: Resilient Businesses Fight Relentless Adversaries
The CrowdStrike 2023 Global Threat Report, among the most trusted and comprehensive research on the modern threat landscape, explores the most significant security events and trends of the previous year, as well as the adversaries driving this activity.
The latest edition of the CrowdStrike Global Threat Report comes at a critical time for organizations around the world. Adversaries have become more sophisticated, relentless and destructive in their attacks, as evidenced by the emergence of several trends in 2022 that threaten enterprise productivity and global stability. It is imperative that businesses pay attention to these changes in the threat landscape and respond with a stronger, more proactive defense.
Nation-state activity was front and center throughout 2022. The year started ominously as Russia’s deadly war of aggression in Ukraine brought about a terrible human toll, threatened international order and put countless global organizations at risk of spillover cyberattacks. China state-nexus adversaries accelerated their cyber espionage campaigns throughout the year, and Iranian actors launched destructive “lock-and-leak” operations using ransomware.
Adversaries continued to adapt and refine their techniques, which included re-weaponizing vulnerabilities, a greater focus on cloud exploitation and a rise in malware-free attacks. We saw a dramatic increase in advertisements from access brokers, who acquire access to organizations and provide or sell it to other actors, including ransomware operators. CrowdStrike Intelligence identified a significant increase in access broker activity throughout 2022, with more than 2,500 advertisements identified — a 112% jump from 2021. An especially popular tactic was the abuse of compromised credentials acquired via information stealers or purchased on the criminal underground, reflecting a growing interest in targeting identities that we also saw last year: Our 2022 report found 80% of cyberattacks leveraged identity-based techniques.
CrowdStrike Intelligence began tracking 33 new adversaries in 2022, raising the total number tracked to more than 200. Stopping breaches requires an understanding of these adversaries, including their motivations and the techniques they use to target organizations. Below are some of the trends and findings we explore in greater detail throughout this year’s report:
- Cloud exploitation skyrocketed: Last year’s Global Threat Report anticipated a rise in cloud exploitation, a trend that unfolded as expected in 2022. Cloud exploitation cases grew by 95% last year, and incidents involving cloud-conscious threat actors nearly tripled from 2021. The cloud continues to evolve as the new battleground as adversaries increasingly target cloud environments.
- Malware-free attacks continued to rise: Sophisticated adversaries relentlessly searched for new ways to evade antivirus protection and outsmart machine-only defenses. Seventy-one percent of attacks detected were malware-free, while interactive intrusions (hands-on-keyboard activity) increased 50% in 2022.
- Adversaries re-weaponized and re-exploited vulnerabilities: The constant disclosure of vulnerabilities affecting legacy infrastructure like Microsoft Active Directory continued to burden security teams and present an open door to attackers, while the ubiquitous Log4Shell vulnerability ushered in a new era of “vulnerability rediscovery,” during which adversaries modify or reapply the same exploit to target other similarly vulnerable products.
- China-nexus adversaries scaled operations: CrowdStrike Intelligence tracks China-nexus adversaries as the most active targeted intrusion groups. China-nexus adversaries, and actors using TTPs consistent with them, were observed targeting nearly all 39 global industry sectors and 20 geographic regions we track. These intrusions are likely intended to collect strategic intelligence, compromise intellectual property and further the surveillance of targeted groups.
CrowdStrike: Stopping Breaches So Customers Can Move Forward
The 2023 Global Threat Report shows security must parallel the slope of technology innovation. As enterprise technology matures, security must also evolve to match the sophistication of the technology organizations rely on. This slope of innovation applies to adversary activity as well: With every innovation we achieve, we can expect adversaries to seek new ways to exploit it.
At CrowdStrike, our mission today is the same as when we started: to stop breaches so our customers can move forward. Our focus is on delivering the platform, technology and intelligence needed to keep you ahead of the adversary. This is why we’ve unified and delivered critical protections like endpoint and extended detection and response, identity threat protection, cloud security, vulnerability and risk management, threat intelligence and much more — all from a single platform.
I hope you find this report instructive in how we can continue to work together to protect the world from those who mean to do harm. In the coming weeks, we will publish a series of blog posts taking a deeper dive into each of the key trends discussed in the 2023 Global Threat Report. These posts will examine the drivers of these trends and discuss how organizations can better defend themselves against modern adversaries. Security starts with knowledge — of the adversaries targeting us, their tactics and the vulnerabilities they’ll seek to exploit. With that knowledge comes resolve, that together we can prevail.
- Download the CrowdStrike 2023 Global Threat Report to learn how the threat landscape has shifted in the past year and understand the adversary behavior driving these shifts.
- Join CrowdStrike for a three-part CrowdCast series for in-depth discussions around the threats, events and trends in the CrowdStrike 2023 Global Threat Report.
- Want to know the adversaries potentially targeting your organization? Get your own custom threat landscape in the CrowdStrike Adversary Universe.
- Defending against today’s adversaries requires the best tools. Explore the CrowdStrike Falcon platform and learn how our technology protects against the threats discussed in the 2023 Global Threat Report, including cloud exploitation, advanced adversaries, malware-free attacks, vulnerability exploitation and more.