INFOGRAPHIC

583 % increase in Kerberoasting identity attacks and 3x spike in malicious use of legitimate RMM tools are the standout findings of the CrowdStrike 2023 Threat Hunting Report – as adversary breakout time hits a record low . The company ’ s sixth annual edition of the report , which covers attack trends and adversary tradecraft observed by CrowdStrike ’ s elite threat hunters and intelligence analysts , revealed a massive increase in identity-based intrusions and growing expertise by adversaries targeting the cloud . Covering adversary activity between July 2022 and June 2023 , the report is the first to be published by CrowdStrike ’ s newly unveiled Counter Adversary Operations team – officially announced at Black Hat USA 2023 .

Key findings from the report include :

• 583 % increase in Kerberoasting identity attacks highlights massive escalation in identity-based intrusions : CrowdStrike found an alarming nearly

6x year-over-year ( YoY ) spike in Kerberoasting attacks , a technique adversaries can abuse to obtain valid credentials for Microsoft Active Directory service accounts , often providing actors with higher privileges and allowing them to remain undetected in victim environments for longer periods of time . Overall , 62 % of all interactive intrusions involved the abuse of valid accounts , while there was a 160 % increase in attempts to gather secret keys and other credentials via cloud instance metadata APIs .

• 312 % YoY increase in adversaries leveraging legitimate RMM tools : Giving further credence to reports from CISA , adversaries are increasingly using legitimate and well-known remote IT management applications to avoid detection and blend into the noise of the enterprise in order to access sensitive data , deploy ransomware or install more tailored follow-on tactics .

• Adversary breakout time hits an all-time low of 79 minutes : The average time it takes an adversary to

28 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com