CrowdStrike’s Annual Threat Hunting Report Reveals One Potential Intrusion Is Identified Every Seven Minutes

Rhea-AI Summary

The latest CrowdStrike Falcon OverWatch threat hunting report reveals a 50% year-over-year rise in hands-on intrusion attempts, with over 77,000 potential intrusions identified. The report indicates a significant decrease in breakout time for eCrime adversaries, now one hour and 24 minutes. The data shows that 43% of interactive intrusions are eCrime-related, with 71% of all detections being malware-free. The report highlights technology as the top targeted industry, and healthcare facing a surge in ransomware attempts.

Positive

• 50% YoY increase in hands-on intrusion attempts.
• 77,000 potential intrusions detected.
• Reduced average breakout time for eCrime adversaries to 1 hour and 24 minutes.
• Technology industry is the most targeted, signifying high demand for security solutions.

Negative

• eCrime accounted for 43% of interactive intrusions, indicating a high threat level.
• Healthcare experienced a doubling in interactive intrusions, raising concerns about sector vulnerability.

Findings from Falcon Overwatch threat hunters showed faster breakout times by eCrime adversaries and one million malicious events were prevented by the CrowdStrike Falcon platform

AUSTIN, Texas--(BUSINESS WIRE)-- CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced the release of the fourth annual CrowdStrike Falcon OverWatch threat hunting report: Nowhere to Hide: 2022 Falcon OverWatch Threat Hunting Report. The global report reveals a record 50% year-over-year (YoY) increase of hands-on intrusion attempts, and distinct changes in attack trends and adversary tradecraft. Most notably, Falcon OverWatch threat hunters identified more than 77,000 potential intrusions, or approximately one potential intrusion every seven minutes. These are instances where proactive, human-led threat hunting uncovered adversaries actively carrying out malicious techniques at various stages of the attack chain, despite attackers’ best efforts to covertly evade autonomous detection methods.

Falcon OverWatch calculated that the breakout time (i.e. the time, on average, it takes an adversary to move laterally from initial compromise to other hosts within the victim environment) for eCrime adversaries has fallen to one hour and 24 minutes – compared to one hour and 38 minutes as reported by Falcon OverWatch in the 2022 CrowdStrike Global Threat Report. Moreover, Falcon OverWatch found that in approximately one-third (30%) of those eCrime intrusions, the adversary was able to move laterally in under 30 minutes. These findings underline the speed and scale at which threat actors evolve their tactics, techniques and procedures (TTPs), and are capable of bypassing even the most sophisticated technology-based defense systems to successfully achieve their goals.

“Over the past 12 months, the world has faced new challenges spurred by economic pressures and geopolitical tensions, backdropping a threat landscape that is as complicated as ever,” said Param Singh, vice president, Falcon OverWatch at CrowdStrike. “To thwart brazen threat actors, security teams must implement solutions that proactively search for hidden and advanced attacks every hour of every day. The combination of the CrowdStrike Falcon platform with the telemetry, tooling, threat intelligence and human ingenuity of Falcon OverWatch managed threat hunting protects organizations globally against the most sophisticated and stealthy threats.”

Other key findings from the report include:

• eCrime is the top threat type for interactive intrusion campaigns. eCrime accounted for 43% of interactive intrusions, while state-nexus actors accounted for 18% of activity. Hacktivists accounted for just 1% of interactive intrusion campaigns, with the remaining intrusions unattributed.
• Adversaries continue shifting away from malware. Malware-free threat activity accounted for 71% of all detections indexed by the CrowdStrike Threat Graph. The predominance of malware-free activity is related, in part, to adversaries’ prolific abuse of valid credentials to facilitate access and persistence in victim environments. Another factor is the rate at which new vulnerabilities are being disclosed and the speed with which adversaries are able to operationalize exploits.
• Technology is the top industry targeted for interactive intrusions. The top five industries targeted overall were technology (19%), telecommunications (10%), manufacturing (7%), academic (7%) and healthcare (7%). Of note, technology was targeted 90% more frequently by interactive intrusions than the second-most targeted industry.
• Telecommunications is the top industry for targeted intrusions by nation-state actors. The top five industries targeted overall were telecommunications (37%), technology (14%), government (9%), academic (5%) and media (4.5%). The telecommunications industry continues to be preyed on for fulfillment of state-sponsored surveillance, intelligence and counterintelligence collection priorities. Of note, telecommunications faced 163% more targeted intrusions by state-nexus actors than the second-most targeted industry.
• Healthcare finds itself in the crosshairs of Ransomware-as-a-Service (RaaS). The volume of attempted interactive intrusions against the healthcare industry has doubled year-over-year. A significant majority of these intrusions have been attributed to eCrime.

The report includes insights from Falcon OverWatch’s global threat hunting operations from July 1, 2021 through June 30, 2022, and outlines in-depth attack data and analysis, case studies and actionable recommendations.

Additional Resources

• Download your copy of the full report Nowhere to Hide: 2022 Falcon OverWatch Threat Hunting Report on the CrowdStrike website.
• Tune in on Twitter Spaces on September 19 at 11:30 a.m. PT to hear from experts live from Fal.Con as they highlight key takeaways from the 2022 Falcon OverWatch Threat Hunting Report. https://twitter.com/i/spaces/1YpJkgOPADrJj
• Join the CrowdStrike Falcon OverWatch threat hunting team for a live CrowdCast on October 6 as they share new attack trends and tradecrafts from the 2022 Falcon OverWatch Threat Hunting Report. Register here: https://www.crowdstrike.com/resources/crowdcasts/nowhere-to-hide-2022-falcon-overwatch-threat-hunting-report/

About CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with one of the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/
Follow us: Blog | Twitter | LinkedIn | Facebook | Instagram
Start a free trial today: https://www.crowdstrike.com/free-trial-guide/

© 2022 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.

View source version on businesswire.com: https://www.businesswire.com/news/home/20220913005643/en/

Kevin Benacci

CrowdStrike Corporate Communications

press@crowdstrike.com

Source: CrowdStrike

FAQ

What does the latest CrowdStrike Falcon OverWatch report reveal about intrusion attempts?

The report shows a 50% year-over-year increase in hands-on intrusion attempts, highlighting a growing threat landscape.

How has the breakout time for eCrime adversaries changed according to the report?

The average breakout time for eCrime adversaries has decreased to 1 hour and 24 minutes.

What percentage of interactive intrusions are attributed to eCrime?

eCrime accounts for 43% of interactive intrusions as reported by CrowdStrike.

Which industry is the most targeted according to the CrowdStrike report?

The technology industry is identified as the most targeted sector, facing the highest number of interactive intrusions.

What notable trend is occurring in the healthcare industry as mentioned in the report?

The healthcare industry has seen a doubling in attempted interactive intrusions, indicating increased vulnerability.