Attack velocity surges with average breakout time down to only 62 minutes

The speed of cyberattacks continues to accelerate at an alarming rate, according to CrowdStrike.

Adversaries increasingly exploit stolen credentials

The speed of cyberattacks continues to accelerate at an alarming rate. The report indicates that the average breakout time is down to only 62 minutes from 84 in the previous year (with the fastest recorded attack coming in at 2 minutes and 7 seconds).

Once initial access was obtained, it took only 31 seconds for an adversary to drop initial discovery tools in an attempt to compromise victims.

The report notes a sharp increase in interactive intrusions and hands-on-keyboard activity (60%) as adversaries increasingly exploit stolen credentials to gain initial access at targeted organizations.

Adversaries turned their sights to the cloud through valid credentials – creating a challenge for defenders looking to differentiate between normal and malicious user behavior. The report shows cloud intrusions increased by 75% overall with cloud-conscious cases amplifying by 110% year-over-year.

Disrupting democracy by targeting global elections

In 2023, CrowdStrike observed nation-state actors and hacktivists experimenting with and seeking to abuse generative AI to democratize attacks and lower the barrier of entry for more sophisticated operations. The report highlights how generative AI will likely be used for cyber activities in 2024 as the technology continues to gain popularity.

With more than 40 democratic elections scheduled in 2024, nation-state and eCrime adversaries will have numerous opportunities to disrupt the electoral process or sway voter opinion. Nation-state actors from China, Russia and Iran are highly likely to conduct mis- or disinformation operations to sow disruption against the backdrop of geoconflicts and global elections.

“Over the course of 2023, CrowdStrike observed unprecedented stealthy operations from brazen eCrime groups, sophisticated nation-state actors and hacktivists targeting businesses in every sector spanning the globe. Rapidly evolving adversary tradecraft honed in on both cloud and identity with unheard of speed, while threat groups continued to experiment with new technologies, like GenAI, to increase the success and tempo of their malicious operations,” said Adam Meyers, head of Counter Adversary Operations, CrowdStrike.

“To defeat relentless adversaries, organizations must embrace a platform-approach, fueled by threat intelligence and hunting, to protect identity, prioritize cloud protection, and give comprehensive visibility into areas of enterprise risk,” added Meyers.