CrowdStrike’s Falcon OverWatch threat hunters have reported that they responded to 77,000 attempted hands-on, interactive intrusions between 1 July 2021 and 30 June 2022, or approximately one potential intrusion every seven minutes, which equates to a 50 per cent year-over-year increase.
According to a new report from CrowdStrike, the breakout time, or the time an adversary takes to move laterally from an initially compromised host to another host within the victim’s environment, fell to one hour and 24 minutes compared to one hour and 38 minutes during the year-earlier period, demonstrating that adversaries continue to sharpen their tradecraft.
The CrowdStrike research team defines interactive intrusion activity as malicious activity that involves hands-on-keyboard techniques, where an adversary is actively interacting with and executing actions on a host in pursuit of their objectives.
E-crime is the designation that CrowdStrike gives to malicious intrusion activity that is criminally motivated.
This type of activity is most commonly characterised as intrusions where adversaries are pursuing financially driven objectives, according to Nick Lowe, director for Falcon OverWatch at CrowdStrike, who noted that ransomware is, of course, the most prolific example.
The number of interactive intrusions has risen along with an increase in the number of zero-day vulnerabilities and common vulnerabilities and exposures (CVEs). According to the CrowdStrike OverWatch researchers, as of 1 September 2022, there were 13,000 new vulnerabilities disclosed for the year compared to 20,000 publicly disclosed vulnerabilities in all of 2021.
“OverWatch focuses its hunting operations on post-exploitation behaviours rather than on specific common vulnerabilities and exposures,” Lowe said.
“This approach is critical when one considers those volumes of disclosed vulnerabilities along with some of the observed trends that we see, including exploit chaining, where adversaries are combining multiple discrete series to reach their objectives.”