fbpx
Techitup Middle East
B2B TechnologyCybersecurity

2024 CrowdStrike Threat Hunting Report

Nation-States Exploit Legitimate Credentials to Pose as Insiders 

CrowdStrike released the 2024 Threat Hunting Report, highlighting the latest adversary trends, campaigns and tactics based on the frontline intelligence from CrowdStrike’s threat hunters and intelligence analysts. The report reveals a rise in nation-state and eCrime adversaries exploiting legitimate credentials and identities to evade detection and bypass legacy security controls, as well as a rise in hands-on-keyboard intrusions, cross-domain attacks, and cloud control plane exploits.  

Key findings include:  

  • North Korea-Nexus Adversaries Pose as Legitimate U.S. Employees: FAMOUS CHOLLIMA infiltrated over 100 primarily U.S. technology companies. Leveraging falsified or stolen identity documents, malicious insiders gained employment as remote IT personnel to exfiltrate data and carry out malicious activity.   
  • Hands-on-Keyboard Intrusions Increase by 55%: More threat actors are engaging in hands-on-keyboard activities to blend in as legitimate users and bypass legacy security controls. 86% of all hands-on intrusions are executed by eCrime adversaries seeking financial gains. These attacks increased by 75% in healthcare and 60% in technology, which remains the most targeted sector for seven years in a row.  
  • RMM Tool Abuse Grows by 70%: Adversaries including CHEF SPIDER (eCrime) and STATIC KITTEN (Iran-nexus) are using legitimate Remote Monitoring and Management (RMM) tools like ConnectWise ScreenConnect for endpoint exploitation. RMM tool exploitation accounted for 27% of all hands-on-keyboard intrusions.   
  • Cross-Domain Attacks Persist: Threat actors are increasingly exploiting valid credentials in order to breach cloud environments and eventually using that access to access endpoints. These attacks leave minimal footprints in each of those domains, like separate puzzle pieces, making them harder to detect.  
  • Cloud Adversaries Target the Control Plane: Cloud-conscious adversaries like SCATTERED SPIDER (eCrime) are leveraging social engineering, policy changes and password manager access to infiltrate cloud environments. They exploit connections between the cloud control plane and endpoints to move laterally, maintain persistence and exfiltrate data.  

Download the 2024 CrowdStrike Threat Hunting Report.  

Related posts

Core42 Announces Partnership with AIREV

Editor

CrowdStrike, Cloudflare Expand Partnership to Secure Networks

Editor

SolarWinds Releases its 2024 IT Trends Report

Editor

Leave a Comment