The annual global threat report from CrowdStrike Holdings Inc. reveals a profound shift in the cybersecurity landscape in 2024, marked by a significant rise in malware-free attacks, the use of artificial intelligence in social engineering strategies, and an increase in vulnerabilities targeting cloud environments.
The End of Traditional Malware: 79% of Attacks Without Malicious Software
The study indicates that nearly eight out of ten cyber intrusions in 2024 did not employ malware, representing a substantial increase from the 40% recorded in 2019. Instead, attackers have opted for legitimate remote management tools to bypass traditional defenses, allowing them to operate undetected by signature-based security solutions.
Another concerning statistic is the reduction in the expansion time of attacks. On average, cybercriminals took 48 minutes to move laterally within a compromised network, with some instances of propagation occurring in less than a minute, complicating timely responses by security teams.
Increase in Identity-Based Attacks and Targeted Deceptions
Attacks aimed at exploiting victims’ digital identities have grown significantly over the year. Key tactics include:
- Growth of Vishing: Voice phishing attacks increased more than fivefold, surpassing traditional phishing as the most common initial access method.
- Impersonation of Technical Support Staff: Attackers have refined their strategies to trick IT employees into resetting passwords or disabling multi-factor authentication.
- Commercialization of Stolen Credentials: The trading of access on underground forums grew by 50%, enabling attackers to obtain compromised credentials from the black market.
Increased Activity of China-Linked Groups
The CrowdStrike report also warns of increased activity from groups allegedly linked to the Chinese government. An estimated 150% growth in the activities of these actors was observed, with specific sectors registering increases of up to 300%. These operations are characterized by improved operational security (OPSEC) practices, making them harder to detect and trace.
Artificial Intelligence as a Cybercrime Tool
The rise of generative artificial intelligence has been a key factor in the evolution of cyber threats. The report highlights how groups such as FAMOUS CHOLLIMA, allegedly linked to North Korea, have used AI to fabricate job interviews and gain access to tech companies.
Other notable uses of artificial intelligence in cyberattacks include:
- Automated creation of phishing emails and messages.
- Use of deepfakes to deceive employees and customers.
- Automated disinformation campaigns on social media.
- Employing AI models to improve evasion techniques in targeted attacks.
Cloud Attacks and Exploitation of SaaS
The study also reveals an increase in cyberattacks targeting cloud platforms and software as a service (SaaS). Attackers have chosen to exploit legitimate credentials rather than using malware to avoid detection.
- 35% of cloud security incidents were related to the abuse of valid accounts.
- Microsoft 365, SharePoint, and business APIs became prime targets for data exfiltration.
Key Measures to Mitigate Risks
In light of the growing sophistication of attacks, CrowdStrike recommends bolstering security around identity and the cloud through:
- Implementation of phishing-resistant multi-factor authentication.
- Continuous monitoring of privileged accounts.
- Proactive threat detection to identify malware-free attacks before they establish.
- Using artificial intelligence for advanced behavioral analysis and anomaly detection.
The report concludes that attackers have widely adopted automation and artificial intelligence tools, necessitating that businesses respond with advanced real-time detection and response solutions. This is crucial for effectively mitigating threats before they turn into security breaches with irreversible consequences.
Via: Security News