CrowdStrike Global Threat Report 2022 - The Findings

Goran Lepan
February 24, 2022


The highly anticipated CrowdStrike 2022 Global Threat Report (GTR) is based on first-hand observations combined with insights from CrowdStrike’s vast telemetry. Entering its eighth year, the annual GTR delivers crucial insights into what security teams need to know about the perilous and ever-evolving threat landscape. This year, the report hones in on themes that have emerged during 2021, as well as recommendations on how to mitigate the associated risks. As always, CrowdStrike’s GTR forms a fundamental tool to help you protect the people, processes and technologies that drive your business.


Not surprisingly, 2021 was another disruptive year in which pandemic-driven social, economic, and technological changes enabled cybercriminals to further refine their skills. As organisations battled to protect their supply chains and systems, we saw a wave of high-profile attacks. To stay ahead during 2022, it pays to be able to understand these events and gain visibility into the changing tactics of our adversaries. To consolidate its findings, CrowdStrike’s report can be unpacked into four main themes:

1. The Speed, Impact, and Advancement of Ransomware

The growth of Big Game Hunting (BGH) was felt across all sectors and all economies during 2021. CrowdStrike intelligence observed an 82% increase in ransomware-related data leaks compared to the previous year. CrowdStrike Intelligence also saw over 50 targeted ransomware events per week on average, with ransomware-related demands averaging $6.1M per ransom, up 36% from 2020. Adversaries demonstrated the ability to continually move operations to new approaches, with adaptability being the key to success.

2. The Evolution of Nation-State Affiliated Adversaries

Financially motivated eCrime activity continued to dominate the interactive intrusion attempts tracked by CrowdStrike OverWatch during 2021. Intrusions attributed to eCrime accounted for 49% of all observed activity. The use of high-profile lock-and-leak operations gave Iran an effective ability to target its rivals both locally and abroad with disruptive ransomware. Meanwhile, Chinese actors shifted their preferred exploitation methods from requiring user interaction to independently developing exploits or acquiring them from the in-country hacker community.

3. The Log4j Vulnerability

Log4Shell received more attention than any other vulnerability in 2021 due to the number of potentially affected endpoints. You could say it set the internet on fire. To quickly breakdown the gravity of this vulnerability - the universal logging library is used by many web applications and can be exploited by remote attackers to inject code. Specially crafted requests can result in access to systems, delivery of malware and data acquisition. To put it in non-technical terms, it would be the same as giving the keys to your house (without even realising) to a complete stranger you just saw pass in front of you.
At the end of 2021, a variety of groups incorporated Log4 Shell into their arsenal and aggressively engaged in widespread exploitation.

4. The Rising Abuse of Cloud-Based Services

As cloud-based services formed a crucial part of many business processes, they became an increasingly common target for malicious actors. Common cloud attack vectors include: Cloud Vulnerability Exploitation (CVE), credential-based intrusions, cloud service provider abuse, cloud-based malware delivery and exploitation of misconfigured image containers.


CrowdStrike’s GTR includes recommendations to assist you in addressing possible vulnerabilities within your business before they can be leveraged by cybercriminals. There are nine key recommendations within the report. However, we’ve pulled out the following suggestions, which we believe are paramount to helping strengthen your security posture:

  • Secure all critical areas of enterprise risk - it's vital to secure critical areas such as endpoints and cloud workloads, identity, and data. Solutions should include accurate detections, automated protection and remediation, elite threat hunting and prioritised observability of vulnerabilities. Be sure you know what you protecting.
  • Invest in solutions that prioritise speed and agility - data breaches can wreak havoc in a matter of hours, which makes speed truly of the essence when it comes to protecting your business. Speed and agility are fundamental, along with the visibility and automation of preventative, detention, investigative and response workflows. CrowdStrike Falcon Identity Threat Protection enables hyper-accurate threat detection and real-time prevention of identity-based attacks, combining the power of AI behavioural analytics and a flexible policy engine to enforce risk-based conditional access.
  • Utilise expert threat hunting - the combination of technology with expert threat hunters is fundamental to stop sophisticated threats that bypass legacy security solutions. At CrowdStrike managed services such as Falcon Complete and Falcon OverWatch can help you to improve your skills and gain invaluable expertise, resources, and coverage. They are best positioned to help you as they track the adversaries that are targeting you.
  • Build a culture of security - regardless of the security technologies you implement, the end-user will always be a crucial link in the chain and your last line of defence against data breaches. By building a cyber security culture, you can encourage continual user awareness, identify gaps, and reduce weaknesses in your cybersecurity practises and response.
  • An extra recommendation that I would suggest is to Eliminate any misconfigurations – The most common cause of cloud intrusions is due to human error introduced during common administrative tasks. It is important that your infrastructure is set up in a structured way and is audited in the same manner to alleviate any further lapses in security configuration.


2021 has taught us that adaptability and perseverance are fundamental. However, as our businesses find paths forward with new technologies and solutions, we need to be aware of the new risks and vulnerabilities that we create. As we move further into 2022, our adversaries will not only look for new ways in which they can bypass our security measures but continue to use tried-and-tested techniques.

In response to both existing and evolving threats, CrowdStrike intelligence provides industry-leading insights, analysis, and threat intelligence. To find out more, download the 2022 Global Threat Report. Or, for more information on the CrowdStrike Falcon platform, get in touch with the Infotrust team today. We are experts in the CrowdStrike Platform and can help you at every step of your endpoint security journey with CrowdStrike's industry-leading solution.