CrowdStrike 2024 Threat Hunting Report

→ Our elite threat hunters & intelligence analysts track +245 adversaries across today’s cyber threat landscape
→ Critical, actionable insights organizations need to know


Pioneers in threat intelligence and adversary detection

CrowdStrike is the leader in cyber threat intelligence with the industry’s only unified intelligence and hunting team built to track, detect, and disrupt adversaries globally. Our team knows cyber threats better than anyone, and we use these insights to guide product innovation, protect organizations, and increase the cost to the adversary.

Our insights keep organizations one step ahead

Cyber attacks are increasing, evolving, and becoming more sophisticated. CrowdStrike’s latest report highlights the tactics today’s cyber adversaries are using and provides actionable observations for staying ahead of today’s threats. These observations are essential to safeguarding global networks across sectors, including financial services, healthcare, and telecommunications, among others.

Cross-domain attacks and insider threats are on the rise

Adversaries are executing cross-domain attacks, targeting identity, cloud, and endpoint domains. Most often, they use stolen credentials to break into the cloud and move laterally to endpoints. Cross-domain threats are prevalent among malicious insiders, who can log in and quickly compromise multiple domains.

Legitimate credentials are exploited to gain easy access

Adversaries aren’t breaking in — they’re logging in with stolen credentials sourced from social engineering or access brokers. However, their misuse of valid accounts in suspicious ways creates abnormal patterns that help expert threat hunters shut them down, making human validation critical.

Adversaries are gaining full control of the cloud

As organizations move to the cloud, threats from adversaries like SCATTERED SPIDER intensify, with these adversaries leveraging spear phishing, policy modifications, and password manager access to infiltrate and exploit cloud environments. Penetrating the cloud control plane gives adversaries broad access and the capability to compromise the entire cloud infrastructure.

Endpoint attacks use remote monitoring and management (RMM) tools

The use of RMM tools for endpoint attacks surged by 70% in the past 12 months, accounting for 27% of hands-on-keyboard intrusions. Adversaries like STATIC KITTEN gain access with stolen credentials or phishing, then deploy RMM tools to blend in with legitimate operations. RMM-based attacks are here to stay, making it essential for protectors to continuously monitor these tools.



Read the full CrowdStrike 2024 Threat Hunting Report

Outpace today's stealthy, sophisticated adversaries.
