Mastering Cyber Defense: Human-Machine Synergy Unleashed

Working in cybersecurity is a consistently demanding yet thrilling profession. It resembles frontline action more than mere computer work, especially in the middle of a breach. Facing a relentless, formidable, and highly persistent adversary adds to the challenge, and recent industry data underscores the escalating strength of our adversaries.

Nonetheless, in the spirit of the adage “the greater the villain, the greater the hero,” the onus falls on us, cybersecurity professionals, and the broader community. We must assert ourselves to safeguard the interests of our organizations or clients.

Escalating Cybersecurity Perils in Europe

In response to a surge in cyber threats, the European Commission unveiled a €1.1bn initiative earlier this year. This comes amid heightened concerns fueled by numerous high-profile hacks in the past 24 months and a resurgence of hacktivism linked to Russia’s Ukraine invasion.

The latest Threat Landscape Report from the European Union Agency for Cybersecurity (ENISA) underscores the expanding size and intricacy of attacks. Europe witnessed its largest-ever DDoS attack in July last year. Equally perilous are AI-driven disinformation, deepfakes, and disinformation-as-a-service: bots emulating human personas disrupt ‘notice-and-comment’ rulemaking and the cybersecurity community by flooding platforms with fabricated content.

ENISA’s Foresight 2030 report delves into emerging threats, highlighting the potential for cyber assaults on Europe’s space-based infrastructure and satellites.

Amidst this surge in volume, scale, and complexity, our research identifies a new challenge – the element of speed.

Rising Adversarial Velocity

In today’s threat landscape, security solutions must adapt to the escalating speed of adversaries. According to CrowdStrike’s 2023 Threat Hunting Report, the average breakout time for eCrime intrusion activity in the past year was a mere 79 minutes. Remarkably, Falcon OverWatch recorded an adversary with a breakout time of just seven minutes.

In the time it takes to make a cup of coffee, an adversary can infiltrate an initial host and expand within the victim’s environment. The swift development of N-day exploits, coupled with the increased use of zero-day vulnerabilities, emphasizes the urgency of expediting vulnerability and patch management.

Automated scanners have accelerated threat actors’ ability to exploit compromised credentials, monitoring platforms like GitHub for leaked logins. CISOs and their teams must swiftly identify, investigate, and remediate threats. At CrowdStrike, our mission is to aid them in detecting adversaries within minutes, not hours.

Surge in Identity-Based Attacks

A discernible trend reveals cyber adversaries concentrating on identity-based attacks, frequently commencing with an identity compromise. Adversaries exhibit versatility by exploiting various forms of identification and authorization, including credentials obtained from underground sources. Our data shows that 62% of interactive intrusions leverage valid accounts, while attempts to obtain secret keys and credentials via cloud instance metadata APIs surged by 160%.

The spike in identity-based intrusions is further fueled by a 583% increase in Kerberoasting attacks. This technique allows adversaries to acquire valid credentials for Microsoft Active Directory service accounts, granting higher privileges and letting them remain undetected for longer in victim environments.

Organizations face heightened threats because attackers no longer require elevated privileges to carry out this attack. Over the past year, Kerberos attacks were primarily associated with eCrime adversaries, notably VICE SPIDER, which was responsible for 27% of intrusions using the Kerberoasting technique.
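As an added illustration, not part of the original post or of any CrowdStrike tooling, the following detection logic runs over constructed records modelled on Windows Security Event ID 4769 (Kerberos service ticket requested). It flags a requester that asks for RC4-HMAC service tickets for several distinct non-computer service accounts in a short window, which is the footprint Kerberoasting leaves on a domain controller even when the requesting account has no elevated privileges. The field names, sample values, window and threshold are all assumptions for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17  # TicketEncryptionType value for RC4-HMAC in Event ID 4769

# Constructed sample records modelled on Event ID 4769. The keys are our own
# simplified field names, not the event's exact XML property names.
SAMPLE_EVENTS = [
    {"ts": "2023-09-01T09:00:05", "account": "alice", "src": "10.1.2.3", "service": "MSSQLSvc/db01", "enc": 0x12},
    {"ts": "2023-09-01T09:00:09", "account": "alice", "src": "10.1.2.3", "service": "HTTP/web01", "enc": 0x12},
    {"ts": "2023-09-01T09:01:00", "account": "bob", "src": "10.1.2.4", "service": "MSSQLSvc/db01", "enc": 0x17},
    {"ts": "2023-09-01T09:01:01", "account": "bob", "src": "10.1.2.4", "service": "HTTP/web01", "enc": 0x17},
    {"ts": "2023-09-01T09:01:02", "account": "bob", "src": "10.1.2.4", "service": "WS01$", "enc": 0x17},
    {"ts": "2023-09-01T09:01:03", "account": "bob", "src": "10.1.2.4", "service": "svc_backup", "enc": 0x17},
    {"ts": "2023-09-01T09:01:04", "account": "bob", "src": "10.1.2.4", "service": "svc_sql", "enc": 0x17},
    {"ts": "2023-09-01T12:30:00", "account": "carol", "src": "10.1.2.5", "service": "ldap/dc01", "enc": 0x17},
]


def find_kerberoast_candidates(events, window=timedelta(minutes=10), threshold=3):
    """Return {(account, src): sorted service names} for every requester that asked
    for RC4 service tickets to at least `threshold` distinct services within `window`.
    Computer accounts (names ending in '$') are excluded: Kerberoasting targets user
    accounts that hold an SPN, whose passwords are human-chosen and crackable offline."""
    per_requester = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["enc"] != RC4_HMAC or ev["service"].endswith("$"):
            continue
        per_requester[(ev["account"], ev["src"])].append(
            (datetime.fromisoformat(ev["ts"]), ev["service"]))
    flagged = {}
    for key, reqs in per_requester.items():
        # Sliding window: for each request, count distinct services seen in the
        # preceding `window`; one hit is enough to flag the requester.
        for i, (t_end, _) in enumerate(reqs):
            in_window = {svc for t, svc in reqs[: i + 1] if t_end - t <= window}
            if len(in_window) >= threshold:
                flagged[key] = sorted({svc for _, svc in reqs})
                break
    return flagged


if __name__ == "__main__":
    for (account, src), services in find_kerberoast_candidates(SAMPLE_EVENTS).items():
        print(f"{account} from {src} requested RC4 tickets for {len(services)} services: {services}")
```

The encryption type alone is a weak signal, since tooling can request AES tickets too; the number of distinct service accounts one requester touches in a short span is the more durable indicator, and the threshold should be tuned against a baseline of normal ticket requests in the environment.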

Imperative: Enhanced Human-Machine Collaboration

As technology and security products advance, so do adversary tactics, evolving at an alarming rate. Because adversaries are more agile and faster than they were a year ago, a modern approach is needed. Tight human-machine collaboration becomes crucial to address the speed, volume, and sophistication of attacks. When executed adeptly, this collaboration accelerates threat detection, aids decision-making, and reveals hidden threats.

Cybersecurity teams in Europe must intensify collaboration to devise strategies that elevate the cost for cybercriminals. Human-driven threat hunting, marked by tenacity and technical proficiency, adds substantial value. The fusion of human innovation and joint efforts creates an environment where adversaries find no refuge.