CrowdStrike Global Threat Report 2024 – The Findings
CrowdStrike has announced the release of its 2024 Global Threat Report, the company's annual report dedicated to highlighting emerging and continuing cybersecurity threats. This year's report covers the tactics and techniques used to exploit gaps in cloud protection, the continued exploitation of stolen identity credentials, the growing menace of supply chain attacks and the potential for advanced technologies and global elections to disrupt the threat landscape. The report also offers practical recommendations to help protect your business in the coming year. With the threat level rising higher than ever, it's vital to be aware of the existing and upcoming threats and put the necessary measures in place to protect your business in 2024 and beyond.
Threat Landscape Overview
The 2024 edition of the CrowdStrike Global Threat Report has arrived at a pivotal moment for cybersecurity professionals. While the speed and ferocity of cyberattacks continue to accelerate, the rise of generative AI has the potential to lower the barrier of entry for adversaries. Trends such as this are driving a change in the security landscape, where a 'good enough' approach will no longer be sufficient to counter modern threats.
The threat landscape can be summarised by the following key statistics from the report:
- 34 new adversaries were tracked by CrowdStrike, raising the total to 232
- Cloud-conscious cases increased by 110% year-on-year
- Cloud environment intrusions increased by 75% year-on-year
- 76% year-on-year increase in victims named on eCrime dedicated leak sites
- 84% of adversary-attributed cloud-conscious intrusions were focused on eCrime
2024 Themes and Trends
The report's findings can be grouped into four main trends:
1. Identity-Based and Social Engineering Attacks
Throughout 2023, adversaries with a range of motivations and from various regions persistently used phishing to impersonate legitimate users, targeting genuine accounts and crucial authentication data. CrowdStrike noted a trend where adversaries expanded their scope beyond stealing account credentials alone, targeting a range of valuable assets, including API keys, secrets, session cookies, tokens, one-time passwords (OTPs), and Kerberos tickets.
2. Evolving Cloud Threats
As global cloud adoption continues to surge, adversaries are seizing the opportunity, turning the cloud into a central focus for their operations. Cloud-aware adversaries, notably eCrime actors, are leveraging valid credentials to infiltrate victims' cloud infrastructures, deploying legitimate tools to carry out their attacks and blurring the lines between regular user actions and security breaches.
3. Increasing Third-Party Risk
In 2023, targeted intrusion actors continued exploiting trusted relationships to infiltrate organisations worldwide. These attacks exploit vendor-client connections, using two main tactics: compromising the software supply chain and leveraging access to IT service providers. The motivation behind the increase in third-party exploits is the significant potential for return on investment (ROI). One compromise can quickly cascade into numerous follow-on targets, enabling adversaries to exploit even the most secure end targets effectively.
4. Potential Threats Emerging in 2024
As organisations prepare for potential threats in 2024, two major disruptive forces are taking centre stage:
- Generative AI - the boom in accessible generative AI technology has raised concerns as adversaries seize its potential for malicious purposes. This democratisation of computing power could fuel their operations and potentially lower the barrier to entry for less skilled attackers. Two key risk areas are the development of malicious tools and scripts and the enhancement of social engineering and information operations through tailored content creation and manipulation.
- Global Government Elections - 2024's international elections present a unique threat landscape. With over 42% of the global population participating in elections across 55 countries, including major powers like India and the US, attackers have ample opportunity to disrupt these critical events. This year's geopolitical tensions further heighten the risk, with elections unfolding in Taiwan and Russia.
CrowdStrike's Recommendations
CrowdStrike's recommendations can help you address possible vulnerabilities within your business before they can be leveraged by cybercriminals. To strengthen your security posture, CrowdStrike advises a focus on the following key areas:
- Make Identity Protection Mandatory - you should implement robust multi-factor authentication, educate employees on social engineering tactics, and monitor all environments for suspicious activity to prevent adversaries from exploiting stolen credentials and achieving swift access.
- Prioritise Cloud-Native Application Protection Platforms (CNAPPs) - CNAPPs offer a unified platform to streamline security monitoring, threat detection, and response across your cloud environment. Opt for a CNAPP that provides pre-runtime, runtime, and agentless protection for comprehensive coverage.
- Adopt a Unified Security Platform - consolidate your identity, cloud, endpoint, and data protection telemetry into a single, AI-powered security platform. This unified view empowers you to identify and respond to breaches swiftly and efficiently, saving time and resources.
- Enhance Threat Detection, Investigation, and Response - explore faster, cloud-based platforms that leverage artificial intelligence (AI) for threat detection, investigation, and response. These next-generation platforms offer improved efficiency and visibility compared to legacy SIEMs. Alternatively, consider 24/7 managed detection and response (MDR) services for continuous monitoring and response.
- Create a Culture of Security - implement user awareness programs to combat phishing and social engineering. Additionally, foster a culture of security within your team by conducting regular tabletop exercises and red/blue teaming to identify vulnerabilities and continuously improve your cybersecurity posture.
Protecting Your Business in 2024 and Beyond
CrowdStrike's report highlights the evolving landscape of threats facing organisations worldwide. As we navigate these challenges, businesses must stay vigilant and proactively safeguard their assets. To learn more about the specific threats outlined in the report and how to protect your business in 2024 and beyond, download the CrowdStrike Global Threat Report today.