2024 CrowdStrike Threat Hunting Report: Nation-States Exploit Legitimate Credentials to Pose as Insiders
CrowdStrike's 2024 Threat Hunting Report reveals alarming trends in cybersecurity threats. North Korean hackers infiltrated over 100 U.S. tech companies using false identities. Hands-on-keyboard intrusions increased by 55%, with eCrime actors responsible for 86% of these attacks. Abuse of Remote Monitoring and Management (RMM) tools grew by 70%, accounting for 27% of hands-on intrusions.
The report highlights a rise in cross-domain attacks and cloud control plane exploits. Adversaries are increasingly using legitimate credentials to bypass security measures and blend in as authentic users. The technology sector remains the most targeted for the seventh consecutive year, with a 60% increase in attacks.
- CrowdStrike's threat intelligence provides valuable insights into evolving cybersecurity threats
- The company's Falcon platform uses AI-native technology informed by human-led threat hunting
- CrowdStrike tracks nearly 250 adversaries, positioning itself as a leader in threat intelligence
- Increasing sophistication of cyber threats may require continuous investment in R&D to maintain competitive edge
- Rising cyber attacks in various sectors could lead to increased pressure on CrowdStrike's resources and capabilities
Insights
The 2024 CrowdStrike Threat Hunting Report reveals alarming trends in cybersecurity threats, particularly the rise of nation-state and eCrime adversaries exploiting legitimate credentials. This poses significant risks for businesses across sectors, especially in technology and healthcare. The
For investors, this report underscores the growing demand for advanced cybersecurity solutions. Companies like CrowdStrike, which offer AI-native platforms and human-led threat hunting, are well-positioned to capitalize on this trend. The persistent and evolving nature of these threats suggests a long-term growth trajectory for the cybersecurity industry, potentially driving increased valuations for leading firms in this space.
The report's findings have significant implications for the tech sector, which remains the most targeted for the seventh consecutive year. The infiltration of over 100 U.S. tech companies by North Korean actors posing as legitimate employees is particularly concerning. This trend could lead to increased operational costs for tech firms as they bolster their security measures and vetting processes.
However, this also presents an opportunity for companies specializing in identity verification and insider threat detection. The rise in cloud control plane attacks and cross-domain techniques suggests a growing need for comprehensive, integrated security solutions that can protect across multiple environments. Tech companies that can offer such solutions may see increased market share and revenue growth in the coming years.
From a financial risk perspective, the report highlights potential threats to company assets and data across various sectors. The
Investors should consider the cybersecurity readiness of companies in their portfolios, particularly in high-risk sectors. Firms with robust cybersecurity measures may be better positioned to mitigate these risks. Additionally, the report suggests a potential increase in cybersecurity spending across industries, which could impact profit margins but is increasingly necessary for risk management. This trend may drive higher valuations for cybersecurity firms and related technology providers in the medium to long term.
North Korean insider threat targets
Key findings include:
- North Korea-Nexus Adversaries Pose as Legitimate U.S. Employees: FAMOUS CHOLLIMA infiltrated over 100 primarily U.S. technology companies. Leveraging falsified or stolen identity documents, malicious insiders gained employment as remote IT personnel to exfiltrate data and carry out malicious activity.
- Hands-on-Keyboard Intrusions Increase by 55%: More threat actors are engaging in hands-on-keyboard activities to blend in as legitimate users and bypass legacy security controls. 86% of all hands-on intrusions are executed by eCrime adversaries seeking financial gains. These attacks increased by 75% in healthcare and 60% in technology, which remains the most targeted sector for seven years in a row.
- RMM Tool Abuse Grows by 70%: Adversaries including CHEF SPIDER (eCrime) and STATIC KITTEN (Iran-nexus) are using legitimate Remote Monitoring and Management (RMM) tools like ConnectWise ScreenConnect for endpoint exploitation. RMM tool exploitation accounted for 27% of all hands-on-keyboard intrusions.
- Cross-Domain Attacks Persist: Threat actors are increasingly exploiting valid credentials to breach cloud environments and then using that access to reach endpoints. These attacks leave minimal footprints in each domain, like separate puzzle pieces, making them harder to detect.
- Cloud Adversaries Target the Control Plane: Cloud-conscious adversaries like SCATTERED SPIDER (eCrime) are leveraging social engineering, policy changes and password manager access to infiltrate cloud environments. They exploit connections between the cloud control plane and endpoints to move laterally, maintain persistence and exfiltrate data.
“For over a decade, we’ve vigilantly tracked the most prolific hacktivist, eCrime, and nation-state adversaries,” said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. “In tracking nearly 250 adversaries this past year, a central theme emerged—threat actors are increasingly engaging in interactive intrusions and employing cross-domain techniques to evade detection and achieve their objectives. Our comprehensive, human-led threat hunting directly informs the algorithms that power the AI-native Falcon platform, ensuring that we stay ahead of these evolving threats and continue to deliver the industry’s most effective cybersecurity solutions.”
Additional Resources
- Download the 2024 CrowdStrike Threat Hunting Report.
- Visit CrowdStrike’s Adversary Universe for the internet’s definitive source on adversaries.
- Listen to the Adversary Universe podcast to glean insights into threat actors and recommendations to amplify security practices.
About CrowdStrike
CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.
Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.
Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.
CrowdStrike: We stop breaches.
Learn more: https://www.crowdstrike.com/
Start a free trial today: https://www.crowdstrike.com/free-trial-guide/
© 2024 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240820982024/en/
Jake Schuster
CrowdStrike Corporate Communications
press@crowdstrike.com
Source: CrowdStrike