The time they need to access a system has been cut over the past year to an average of 84 minutes.
Seventy-one percent of attacks detected last year did not involve malware. Actions against the cloud increased by 95 percent. And interactive intrusions increased by 50 percent. This shows the ability of criminals to evade the defenses in place.
This is what emerges from CrowdStrike’s Global Threat Report 2023, which also leaves other conclusions.
“The last twelve months have brought us a unique combination of threats to the industry,” confirms Adam Meyers, head of intelligence at CrowdStrike.
“New, more sophisticated groups, the use of vulnerabilities that were thought to have been resolved, and the scares provoked after the start of the war in Ukraine – masking the Chinese government’s relentless activity – are just a few examples of what we have observed,” he sums up.
Meyers warns that “criminals today are smarter, more sophisticated and more resourceful than ever before in history, so only by understanding their techniques and their targets” and, of course, applying technology and expert knowledge, “we will be able to reduce their success”.
CrowdStrike has recorded thirty-three new criminal groups, including Scattered Spider and Slippy Spider. This is the highest year-on-year growth since the report, now in its ninth edition.
The number of accesses to ads on the dark web soared by 112% in 2022. Cybercriminals exploited vulnerabilities such as Log4Shell, ProxyNotShell and Follina, and turned their attention to social engineering tactics such as vishing.
Threat actors looking to steal information or perform extortion grew by 20% last year.
It is worth noting that the time it takes for a criminal to gain access to their victims’ systems has decreased over the period analyzed. If in 2021 the average was 98 minutes, it is now down to 84 minutes.