This report provides a comprehensive overview of recent cyber threats, emphasizing identity breaches, cloud attack techniques, and malware-free intrusions. It highlights key trends such as the surge in Kerberoasting attacks and adversaries’ proficiency across multiple operating systems. #Kerberoasting #IndrikSpider
Key points
- The annual cybersecurity report by CrowdStrike follows a structured format, beginning with a foreword that explains the company’s evolution, followed by an introduction highlighting major threat themes. It includes detailed front-line observations, technical insights into attack techniques, and threat actor profiles, concluding with actionable recommendations and information on CrowdStrike’s services.
- Key statistics reveal a 40% increase in interactive intrusion volume year-over-year, with the technology sector being the most targeted for six consecutive years. The financial industry experienced an over 80% rise in intrusion activity, with North Korean state-sponsored adversaries leading aggressive campaigns against financial entities.
- Notable trends include a 583% increase in Kerberoasting attacks, which use compromised Active Directory credentials to escalate privileges, and the widespread abuse of identity in cyber intrusions. Additionally, adversaries are demonstrating advanced cross-platform capabilities, exploiting cloud misconfigurations, and leveraging legitimate RMM tools to blend into enterprise environments.
- Recurring themes emphasize the importance of identity security, vulnerability management, and rapid detection. The report underscores how adversaries focus on manipulating authentication protocols, exploiting weak or stolen credentials, and weaponizing legitimate tools, prompting organizations to adopt proactive threat hunting and robust security controls.
- Significant technical insights discuss the use of tools like Rubeus and Impacket for Kerberoasting, the growing sophistication of attackers in cloud environments, and the necessity for defense strategies including log interrogation, network monitoring, and credential hygiene to mitigate risks.
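The log interrogation the report recommends against Kerberoasting can be illustrated with a small heuristic over Windows Security event 4769 (a Kerberos service ticket was requested). The following is an added example, not code from the CrowdStrike report or from this collection: it assumes the 4769 records have already been parsed into dictionaries with the field names of the event's XML data, and the sample events, the five-minute window and the three-service threshold are all constructed assumptions for illustration. It flags a user account that requests RC4-HMAC (0x17) service tickets for several distinct service principals inside a short window, which is the pattern the Rubeus and Impacket tooling mentioned above tends to leave, while ignoring AES tickets and machine accounts.

```python
"""Heuristic Kerberoasting detection over Windows Security event 4769 records.

Added example for this summary; not from the report. Assumes events are
already parsed into dicts using the 4769 EventData field names.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17  # weak ticket encryption type favoured by offline crackers

# Constructed sample 4769 records (not real telemetry); values are simplified.
SAMPLE_EVENTS = [
    # alice: four distinct services with RC4 tickets in a few seconds -> suspicious
    {"TimeCreated": "2024-03-01T09:00:00", "TargetUserName": "alice@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    {"TimeCreated": "2024-03-01T09:00:02", "TargetUserName": "alice@CORP.LOCAL",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    {"TimeCreated": "2024-03-01T09:00:03", "TargetUserName": "alice@CORP.LOCAL",
     "ServiceName": "svc_backup", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    {"TimeCreated": "2024-03-01T09:00:04", "TargetUserName": "alice@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    {"TimeCreated": "2024-03-01T09:00:05", "TargetUserName": "alice@CORP.LOCAL",
     "ServiceName": "svc_mssql02", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    # bob: normal AES (0x12) ticket requests -> not flagged
    {"TimeCreated": "2024-03-01T09:10:00", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.7"},
    {"TimeCreated": "2024-03-01T09:10:01", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.7"},
    {"TimeCreated": "2024-03-01T09:10:02", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "svc_backup", "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.7"},
    # carol: two RC4 requests an hour apart -> below threshold in any window
    {"TimeCreated": "2024-03-01T10:00:00", "TargetUserName": "carol@CORP.LOCAL",
     "ServiceName": "svc_legacy", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.9"},
    {"TimeCreated": "2024-03-01T11:00:00", "TargetUserName": "carol@CORP.LOCAL",
     "ServiceName": "svc_fax", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.9"},
    # machine account (trailing '$') requesting an RC4 ticket -> excluded
    {"TimeCreated": "2024-03-01T09:00:06", "TargetUserName": "WS01$@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.11"},
]


def enc_type(value):
    """Normalise TicketEncryptionType, which exports as '0x17' or as 23."""
    if isinstance(value, str):
        return int(value, 16) if value.lower().startswith("0x") else int(value)
    return int(value)


def find_kerberoasting_candidates(events, window=timedelta(minutes=5), min_services=3):
    """Return {user: sorted service names} for user accounts that obtained RC4
    service tickets for at least `min_services` distinct services within any
    `window`. Window and threshold are assumptions; tune to the environment."""
    per_user = defaultdict(list)
    for ev in events:
        user = ev["TargetUserName"]
        if user.split("@")[0].endswith("$"):  # skip machine accounts
            continue
        if enc_type(ev["TicketEncryptionType"]) != RC4_HMAC:
            continue
        per_user[user].append((datetime.fromisoformat(ev["TimeCreated"]), ev["ServiceName"]))

    hits = {}
    for user, reqs in per_user.items():
        reqs.sort()
        for i, (start, _) in enumerate(reqs):
            # distinct services requested from this event until the window closes
            in_window = {svc for t, svc in reqs[i:] if t - start <= window}
            if len(in_window) >= min_services:
                hits[user] = sorted(in_window)
                break
    return hits


if __name__ == "__main__":
    for user, services in find_kerberoasting_candidates(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting by {user}: RC4 tickets for {', '.join(services)}")
```

On the sample data only alice is reported. Counting distinct service names rather than raw events keeps a single noisy application from tripping the rule, and filtering on the RC4 encryption type is what separates the roasting pattern from ordinary ticket traffic; the complementary hygiene measure the report points to is to move service accounts to AES-only keys and long, random passwords so that an RC4 ticket is both rare and uncrackable.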
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)