CrowdStrike at BlackHat: Speed, Interaction, Sophistication of Threat Actors Rising in 2023

2023-08-10 22:57

As attackers focus on political ends, big payouts, threat hunters need to focus on identity intrusions, access merchants and tactics enabling fast lateral movement.

Adversary breakout time - the time it takes a threat actor to zipline from the initial point of entry into a network - hit an average all-time low of 79 minutes, down from 84 minutes last year, with the fastest breakout of the year coming in at a record of seven minutes.

"All blue teamers, including us, need to do things like think about automation and figure out how to stop the fastest threat actor, one moving laterally within seven minutes." The threat report also showed a 40% year-over-year increase in interactive intrusions, in which an adversary interacts with and executes against a target.

Figure A. "We look at some of the same stats year over year, and we are seeing that for some of these the needle is moving and favoring the threat actors," said Singh.

North Korean threat groups, aiming to generate currency were, according to the report, the most aggressive state-sponsored adversaries versus the financial sector.

The report found that, while adversaries such as North Korean aligned attackers focus on stealing cryptocurrency or nonfungible tokens, the bigger picture is that opportunistic big game hunting ransomware and data theft campaigns remain the primary eCrime threat to financial institutions.

News URL

https://www.techrepublic.com/article/black-hat-crowdstrike-threat-hunting/

#blackhat #crowdstrike #threat