▾ G11 Media Network: | ChannelCity | ImpresaCity | SecurityOpenLab | Italian Channel Awards | Italian Project Awards | Italian Security Awards | ...
InnovationOpenLab

2024 CrowdStrike Threat Hunting Report: Nation-States Exploit Legitimate Credentials to Pose as Insiders

CrowdStrike (NASDAQ: CRWD) released the 2024 Threat Hunting Report, highlighting the latest adversary trends, campaigns and tactics based on the frontline intelligence from CrowdStrike’s elite threa...

Business Wire

North Korean insider threat targets U.S. technology companies; cloud and cross-domain attacks, credential and RMM tool abuse persists

AUSTIN, Texas: CrowdStrike (NASDAQ: CRWD) released the 2024 Threat Hunting Report, highlighting the latest adversary trends, campaigns and tactics based on the frontline intelligence from CrowdStrike’s elite threat hunters and intelligence analysts. The report reveals a rise in nation-state and eCrime adversaries exploiting legitimate credentials and identities to evade detection and bypass legacy security controls, as well as a rise in hands-on-keyboard intrusions, cross-domain attacks, and cloud control plane exploits.

Key findings include:

  • North Korea-Nexus Adversaries Pose as Legitimate U.S. Employees: FAMOUS CHOLLIMA infiltrated over 100 primarily U.S. technology companies. Leveraging falsified or stolen identity documents, malicious insiders gained employment as remote IT personnel to exfiltrate data and carry out malicious activity.
  • Hands-on-Keyboard Intrusions Increase by 55%: More threat actors are engaging in hands-on-keyboard activities to blend in as legitimate users and bypass legacy security controls. 86% of all hands-on intrusions are executed by eCrime adversaries seeking financial gains. These attacks increased by 75% in healthcare and 60% in technology, which remains the most targeted sector for seven years in a row.
  • RMM Tool Abuse Grows by 70%: Adversaries including CHEF SPIDER (eCrime) and STATIC KITTEN (Iran-nexus) are using legitimate Remote Monitoring and Management (RMM) tools like ConnectWise ScreenConnect for endpoint exploitation. RMM tool exploitation accounted for 27% of all hands-on-keyboard intrusions.
  • Cross-Domain Attacks Persist: Threat actors are increasingly exploiting valid credentials in order to breach cloud environments and eventually using that access to access endpoints. These attacks leave minimal footprints in each of those domains, like separate puzzle pieces, making them harder to detect.
  • Cloud Adversaries Target the Control Plane: Cloud-conscious adversaries like SCATTERED SPIDER (eCrime) are leveraging social engineering, policy changes and password manager access to infiltrate cloud environments. They exploit connections between the cloud control plane and endpoints to move laterally, maintain persistence and exfiltrate data.

“For over a decade, we’ve vigilantly tracked the most prolific hacktivist, eCrime, and nation-state adversaries,” said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. “In tracking nearly 250 adversaries this past year, a central theme emerged—threat actors are increasingly engaging in interactive intrusions and employing cross-domain techniques to evade detection and achieve their objectives. Our comprehensive, human-led threat hunting directly informs the algorithms that power the AI-native Falcon platform, ensuring that we stay ahead of these evolving threats and continue to deliver the industry’s most effective cybersecurity solutions.”

Additional Resources

About CrowdStrike

CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/
Follow us: Blog | Twitter | LinkedIn | Facebook | Instagram
Start a free trial today: https://www.crowdstrike.com/free-trial-guide/

© 2024 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.

Fonte: Business Wire

If you liked this article and want to stay up to date with news from InnovationOpenLab.com subscribe to ours Free newsletter.

Related news

Last News

25 Italian Startups Will Be Present at Expand North Star 2024

Scheduled for October, the world's largest startup event will bring together more than 2,000 exhibitors in Dubai, UAE

Partitalia: Italian IoT innovation in San Francisco

The Italian IoT company is in the US for the second phase of CALL4INNOVIT

Sparkle works on environmentally sustainable content distribution

The Italian company partners with MainStreaming for high-performance, energy-efficient video streaming

Libraesva: being specialized is ok again in cybersecurity

Software vendors developing vertical solutions against specific attack vectors are 'cool' again. And when it comes to email security, all companies now…

Most read

New Zealand Buy Now Pay Later Business and Investment Opportunities Databook…

The "New Zealand Buy Now Pay Later Business and Investment Opportunities Databook - Q2 2024 Update" report has been added to ResearchAndMarkets.com's…

Kenya Buy Now Pay Later Business Report 2024: BNPL Payments to Grow by…

The "Kenya Buy Now Pay Later Business and Investment Opportunities Databook - 75+ KPIs on BNPL Market Size, End-Use Sectors, Market Share, Product Analysis,…

Median Technologies to host two webcasts on September 5, 2024

Regulatory News: Median Technologies (FR0011049824, ALMDT, PEA/SME eligible, “Median” or “The Company”) will host two live webcasts on September 5, 2024.…

Mark Lawyer Joins RWS’s Executive Team as President of Regulated Industries…

RWS, a unique, world-leading provider of technology-enabled language, content and intellectual property solutions, announces that Mark Lawyer has joined…

Newsletter signup

Join our mailing list to get weekly updates delivered to your inbox.

Sign me up!