Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyber Frauds.. Show all posts

Cloud Data Theft is Booming According to CrowdStrike

 

An industry-leading cybersecurity company known as CrowdStrike reported that it had seen the largest increase in adversaries in one year. This was in comparison with what it had observed in the past. There was an increase in cloud attacks by 95% according to the study, which identified 33 re-new threat actors, approximately three times as many cases from 2021 involving cloud-conscious actors as they did in 2022. 

As a result of these trends, CrowdStrike believes that it will become more common for e-currency and nation-state actors to use their tradecraft and knowledge to greatly exploit cloud environments in the future, it stated in its global threat report for 2023. 

There has been a shift among bad actors away from deactivating antivirus and firewall technologies, and away from efforts to tamper with logs. Instead, they have turned toward modifications to authentication processes and attacks on identities, according to the report. 

There has been a dramatic rise in identity theft as a result of a wide range of threats. Identifying and privileged access credentials are among the most common targets targeted by hackers. Why? On the dark web, attackers want to sell compromised information to third parties for high prices to become access brokers and make money off the stolen information. 

As attackers reinvent themselves as access brokers, CrowdStrike's report provides a sobering look at their emergence. There is a 20% increase in adversaries engaging in extortion campaigns and theft of data related to the cloud as per the report. 

A broader analysis revealed an increase of 33 new adversaries in just one year. This was the biggest increase in the number of adversaries ever! Recent telecommunications, BPO, tech, and BPO companies have been the victims of sophisticated attacks carried out by both Scattered Spider and Slippery Spider malware. 

Cloud Security is Hampered by Overcast Skies

In addition to the multitude of new and unknown threat actors that CrowdStrike's report uncovered, CrowdStrike's report also noted a surge in identity-based threats, cloud exploits, national intelligence services, and attacks that re-pointed to previously patched vulnerabilities as weapons of mass destruction.

CrowdStrikeFalcon OverWatch measures the break-through time of adversaries according to the report by determining how far a compromised host is from a second host within the victim environment or how long the adversaries have to move laterally within the victim environment to gain access to the compromised host. This report from the National Institute on Crime and Law Enforcement suggests that for interactive eCrime intrusions, the average breakthrough time has decreased from 98 minutes in 2021 to 84 minutes in 2022. 

To minimize costs and ancillary damages caused by attackers, CISOs and their teams must respond more quickly as the breach window shrinks, and as attack windows become shorter. The 1-10-60 rule is one that CrowdStrikes recommends security teams follow: detect threats within the first minute, understand them within the first 10 minutes, and respond within the first 60 minutes.

It is well known that hackers, nation-states, and cybercriminals are growing at an exponential rate around the world. 

In an announcement made by Meyers, CrowdStrike has added Syria, Turkey, and Columbia to its list of malicious host countries it has already identified. As a result of interactive intrusions, Meyers reported there was a 50% increase compared to last year. Human adversaries try to bypass the computer's and antivirus defenses, contributing to the rise in human-computer crime. 

The Microsoft company published 28 zero days and 1,200 patches; however, only two out of 28 of those patches and zero days were exploited by nation-nexus and cybercriminal adversaries, who circumvented patches and bypassed mitigations, exploiting legacy vulnerabilities such as Log4Shell and keeping up with ProxyNotShell and Follina vulnerabilities. 

Engineers and Cloud Defenders Must be Versatile 

A variety of techniques are used by attackers to inject themselves into cloud environments and move laterally once they have entered them. There’s no doubt that CrowdStrike’s data shows an increase in both the number of valid cloud accounts used for initial cloud access and the number of public-facing applications being deployed. Also, according to the company, there has been an increase in the number of actors who are attempting to discover cloud accounts as opposed to cloud infrastructures and using legitimate higher-privileged accounts when looking for cloud accounts. 

To be successful in the cloud computing field, engineers need to be more versatile than ever before. For a business or enterprise to succeed, they need to be able to manage, plan, architect, monitor, and anticipate issues regarding cloud security and manage them as part of a continuous process.