2024 CrowdStrike Threat Hunting Report: Nation-states exploit legitimate credentials to pose as insiders
CrowdStrike has released the 2024 Threat Hunting Report, highlighting the latest adversary trends, campaigns and tactics based on frontline intelligence from CrowdStrike's elite threat hunters and intelligence analysts.
The report reveals a rise in nation-state and eCrime adversaries exploiting legitimate credentials and identities to evade detection and bypass legacy security controls, as well as a rise in hands-on-keyboard intrusions, cross-domain attacks and cloud control plane exploits.
Key findings include:
• North Korea-nexus adversaries pose as legitimate U.S. employees: FAMOUS CHOLLIMA infiltrated over 100 primarily U.S. technology companies. Leveraging falsified or stolen identity documents, malicious insiders gained employment as remote IT personnel to exfiltrate data and carry out malicious activity.
• Hands-on-keyboard intrusions increase by 55%: More threat actors are engaging in hands-on-keyboard activities to blend in as legitimate users and bypass legacy security controls. 86% of all hands-on intrusions are executed by eCrime adversaries seeking financial gains. These attacks increased by 75% in healthcare and 60% in technology, which remains the most targeted sector for seven years in a row.
• RMM tool abuse grows by 70%: Adversaries including CHEF SPIDER (eCrime) and STATIC KITTEN (Iran-nexus) are using legitimate Remote Monitoring and Management (RMM) tools like ConnectWise ScreenConnect for endpoint exploitation. RMM tool exploitation accounted for 27% of all hands-on-keyboard intrusions.
• Cross-domain attacks persist: Threat actors are increasingly exploiting valid credentials in order to breach cloud environments and then using that access to reach endpoints. These attacks leave minimal footprints in each of those domains, like separate puzzle pieces, making them harder to detect.
• Cloud adversaries target the control plane: Cloud-conscious adversaries like SCATTERED SPIDER (eCrime) are leveraging social engineering, policy changes and password manager access to infiltrate cloud environments. They exploit connections between the cloud control plane and endpoints to move laterally, maintain persistence and exfiltrate data.
"For over a decade, we've vigilantly tracked the most prolific hacktivist, eCrime and nation-state adversaries," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. "In tracking nearly 250 adversaries this past year, a central theme emerged – threat actors are increasingly engaging in interactive intrusions and employing cross-domain techniques to evade detection and achieve their objectives. Our comprehensive, human-led threat hunting directly informs the algorithms that power the AI-native Falcon platform, ensuring that we stay ahead of these evolving threats and continue to deliver the industry's most effective cybersecurity solutions."
WWW.INTELLIGENTCISO.COM