Identity-based intrusions have surged a staggering 583 percent over the past year as cybercriminals looked to exploit victims online using Kerberoasting attack methods, a new report finds.
The six-time increase in Kerberoasting identity attacks were used to obtain valid credentials for Active Directory service accounts, often providing actors with higher privileges and allowing them to remain undetected in victim environments for longer periods of time.
According to Crowdstrike’s 2023 Threat Hunting Report, 62 percent of all interactive intrusions involved the abuse of valid accounts and it also registered a 160 percent increase in attempts to gather secret keys and other credentials via cloud instance metadata APIs.
“In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” Adam Meyers, head of Counter Adversary Operations at CrowdStrike, said in a statement on Tuesday.
Cybercriminals use familiar tools to fly under the radar
The report’s other findings suggest that cybercriminals have been turning to well-known remote IT management tools to hide their tracks.
This sneaky tactic, reported to have increased by a whopping 312 percent compared to last year, enables hackers to use everyday software to gain access to sensitive information, spread ransomware, or carry out tailored attacks.
This approach lets them bypass detection systems and operate undetected within organisations.
“Across all malicious activity tracked by CrowdStrike, 71 percent of intrusions were malware-free,” Meyers wrote in the report.
Criminals act faster than ever
In a concerning trend, hackers are moving faster than before.
The time it takes for them to move from breaking into a system to spreading to other parts of the network has hit a new record low of just 79 minutes. This rapid pace, down from last year’s low of 84 minutes, showcases their agility. In fact, the fastest observed breakout took an astonishingly brief seven minutes.
“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods,” Meyers added.
“Security leaders need to ask their teams if they have the solutions needed to stop lateral movement from an adversary in just seven minutes.”
Finance industry sees massive surge in attacks
The financial sector is facing a massive increase in cyber intrusions. Instances of attackers engaging in hands-on keyboard activity, a type of intrusion called “interactive,” skyrocketed by 80 percent over the past year.
These intrusions involve direct interaction with compromised systems, making them a serious concern. Overall, interactive intrusions increased by 40 percent across industries.
Other noteworthy findings from the report highlight a significant trend: a 147 percent rise in advertisements offering access to valid accounts, pointing to a problem of lowered barriers of entry for cybercriminals into organisations, requiring less advanced hacking skills.
Follow us on
