CROWDSTRIKE 2024 Global Threat Report
This year's report provides critical insight and observations into adversary activity, including:
• The tactics and techniques that adversaries use to exploit gaps in cloud protection
• The continued exploitation of stolen identity credentials and the increasingly sophisticated methods adversaries use to gain initial access
• The growing menace of supply chain attacks and the exploitation of trusted software to maximize the ROI of an intrusion
• The potential for adversaries to target elections in a year in which votes around the world could reshape geopolitics for the near future
Recommendations
1. Make identity protection a must-have
Identity-based and social engineering attacks surged in 2023 because they work: stolen credentials grant adversaries swift access and control, an instant gateway to a breach. To counter these threats, implement phishing-resistant multifactor authentication (FIDO2/WebAuthn or certificate-based, rather than push approvals or SMS codes) and extend it to legacy systems and protocols that still accept a password alone, educate teams on social engineering, and deploy technology that can detect and correlate threats across identity, endpoint and cloud environments. Cross-domain visibility and enforcement let security teams detect lateral movement, see the full attack path and hunt for malicious use of legitimate tools. Keep in mind that MFA is evaluated only at logon: once an adversary holds a valid session cookie, API key or Kerberos ticket, no second factor is requested again. Addressing these access methods, along with SIM swapping and other MFA bypasses, therefore requires proactive and continuous hunting for malicious behavior rather than reliance on the authentication step alone.
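The point about stolen session cookies can be turned into a concrete hunt. The following is an added example, not code from the CrowdStrike report: it parses constructed web access log lines (the format, user names and addresses are assumptions) and flags a session ID that is presented from a client fingerprint, meaning source IP plus user agent, that the session has never used before, within a short window of the session's last request. That pattern is how a replayed cookie typically surfaces, and it happens entirely after MFA has already been satisfied.

```python
"""Detect replay of a stolen session cookie from web access logs.

Added example (not from the CrowdStrike report). Sample lines, session ids,
addresses and the one-hour window are constructed/assumed values.
"""
import re
from datetime import datetime, timedelta

# Constructed sample lines (not real telemetry): time, user, session id,
# source IP and user agent, in the order the web tier logged them.
SAMPLE_LOG = """\
2024-02-01T09:00:00Z alice sid=7f3a9c ip=203.0.113.10 ua="Firefox/122 Windows"
2024-02-01T09:05:12Z alice sid=7f3a9c ip=203.0.113.10 ua="Firefox/122 Windows"
2024-02-01T09:07:45Z alice sid=7f3a9c ip=198.51.100.77 ua="python-requests/2.31"
2024-02-01T09:30:00Z bob sid=c41d2e ip=192.0.2.5 ua="Chrome/121 macOS"
2024-02-01T09:31:00Z bob sid=c41d2e ip=192.0.2.9 ua="Chrome/121 macOS"
2024-02-01T13:00:00Z bob sid=c41d2e ip=192.0.2.9 ua="Chrome/121 macOS"
2024-02-01T15:00:00Z bob sid=c41d2e ip=203.0.113.40 ua="Chrome/121 macOS"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<user>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$'
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return events


def detect_session_reuse(events, window=timedelta(hours=1)):
    """Flag a session id presented from an (ip, ua) fingerprint never seen for
    that session, within `window` of the session's most recent request.

    An IP-only change can be a VPN or mobile hand-off (medium severity);
    a new user agent as well almost always means a different machine (high).
    """
    seen = {}  # sid -> {(ip, ua): last_seen_ts}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid, fp = ev["sid"], (ev["ip"], ev["ua"])
        fps = seen.setdefault(sid, {})
        if fps and fp not in fps:
            last_ts = max(fps.values())
            if ev["ts"] - last_ts <= window:
                known_uas = {ua for _, ua in fps}
                alerts.append({
                    "user": ev["user"],
                    "sid": sid,
                    "ts": ev["ts"],
                    "new_fingerprint": fp,
                    "severity": "high" if ev["ua"] not in known_uas else "medium",
                })
        fps[fp] = ev["ts"]  # record the fingerprint either way
    return alerts


if __name__ == "__main__":
    for alert in detect_session_reuse(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed input, alice's cookie is replayed two minutes later from a new address with a scripting user agent (high), bob's IP change with the same browser is a medium-confidence alert, and bob's later address change falls outside the window and is ignored. In production the fingerprint would usually be enriched with ASN or geolocation, and the response action is to revoke the session server-side, since re-prompting for MFA does nothing for a token that is already in the adversary's hands.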
2. Prioritize cloud-native application protection platforms (CNAPPs)
Cloud adoption is exploding as companies realize the potential for innovation and business agility that the cloud offers, and the cloud is rapidly becoming a major battleground for cyberattacks as a result. Businesses need full cloud visibility, including into applications and APIs, to eliminate misconfigurations, vulnerabilities and other security threats. CNAPPs are critical: cloud security tools shouldn't exist in isolation, and a CNAPP provides a unified platform that simplifies monitoring, detecting and acting on potential cloud security threats and vulnerabilities. Select a CNAPP that includes pre-runtime protection (scanning images and infrastructure-as-code before deployment), runtime protection and agentless technology to discover and map the apps and APIs running in production, showing you all attack surfaces, threats and critical business risks.
3. Gain visibility across the most critical areas of enterprise risk
Adversaries often use valid credentials to access cloud-facing victim environments and then use legitimate tools to execute their attack, so defenders struggle to distinguish a breach from normal user activity. To identify this type of attack, you need to relate identity, cloud, endpoint and data protection telemetry that usually lives in separate systems: the average enterprise uses 45+ security tools, creating data silos and gaps in visibility. By consolidating into a unified security platform with AI capabilities, organizations gain complete visibility in one place and can control their operations from there. With a consolidated security platform, organizations save time and money and can quickly and confidently discover, identify and stop breaches.
4. Drive efficiency: adversaries are getting faster. Are you?
It takes adversaries an average of 62 minutes, and the fastest only 2 minutes, to move laterally from an initially compromised host to another host within the environment (the report's breakout time). Can you keep up? Let's face it: legacy SIEM solutions have failed the SOC. They are too slow, complex and costly, and they were designed for an age when data volumes, and adversary speed and sophistication, were a fraction of what they are today. You need a tool that is faster, easier to deploy and more cost-effective than legacy SIEM solutions. Investigate approaches that unify threat detection, investigation and response in one cloud-delivered, AI-native platform for efficiency and speed. Or, if you don't have an internal SOC team, consider 24/7 managed detection and response (MDR).
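Recommendations 3 and 4 describe the same problem from two sides: a valid-credential logon, an administrative tool run by the logged-on user, and a network logon on another server are each unremarkable on their own, and the only thing that separates a breach from a normal day is joining the three sources and looking at the clock. The following added example (not code from the CrowdStrike report) does that join over constructed identity, endpoint and authentication events and computes the breakout time for any chain it finds. The corporate IP ranges, hostnames, the list of remote-admin tools and the event field names are assumptions; the 62-minute figure is the average quoted in the text above.

```python
"""Correlate identity, endpoint and auth telemetry into a lateral-movement chain.

Added example, not code from the CrowdStrike report. All events below are
constructed; corporate ranges, hostnames and the tool list are assumptions.
"""
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

CORP_NETS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]  # assumed ranges
REMOTE_ADMIN_TOOLS = {"net.exe", "psexec.exe", "wmic.exe", "sc.exe", "winrs.exe"}
UNC_HOST = re.compile(r"\\\\([\w.-]+)")  # first hostname in a \\HOST\share path
REPORT_AVG_BREAKOUT_MIN = 62  # average breakout time quoted in the report text

# Constructed sample telemetry from three sources. jdoe's chain is the
# intrusion; mlee does the same "net use" from inside the corporate network
# with MFA and is the benign control case.
EVENTS = [
    {"source": "identity", "ts": "2024-02-01T10:00:00Z", "user": "jdoe",
     "src_ip": "198.51.100.23", "host": "WS-042", "action": "vpn_logon", "mfa": False},
    {"source": "endpoint", "ts": "2024-02-01T10:04:00Z", "user": "jdoe",
     "host": "WS-042", "process": "whoami.exe", "cmdline": "whoami /groups"},
    {"source": "endpoint", "ts": "2024-02-01T10:09:30Z", "user": "jdoe",
     "host": "WS-042", "process": "net.exe",
     "cmdline": "net use \\\\FS-01\\admin$ /user:jdoe"},
    {"source": "auth", "ts": "2024-02-01T10:11:00Z", "user": "jdoe",
     "host": "FS-01", "src_host": "WS-042", "logon_type": 3},
    {"source": "identity", "ts": "2024-02-01T08:30:00Z", "user": "mlee",
     "src_ip": "10.20.1.5", "host": "WS-017", "action": "vpn_logon", "mfa": True},
    {"source": "endpoint", "ts": "2024-02-01T08:35:00Z", "user": "mlee",
     "host": "WS-017", "process": "net.exe", "cmdline": "net use \\\\FS-01\\share"},
    {"source": "auth", "ts": "2024-02-01T08:36:00Z", "user": "mlee",
     "host": "FS-01", "src_host": "WS-017", "logon_type": 3},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def is_suspicious_logon(ev):
    """A valid-credential logon that still deserves scrutiny: the source
    address is outside the corporate ranges or no MFA was satisfied."""
    external = not any(ip_address(ev["src_ip"]) in net for net in CORP_NETS)
    return external or not ev.get("mfa", False)


def correlate(events):
    """Return one finding per chain: suspicious logon -> remote-admin tool on the
    same host by the same user -> type-3 logon on the named target from that host."""
    events = sorted(events, key=lambda e: _ts(e["ts"]))
    findings = []
    for logon in events:
        if logon["source"] != "identity" or not is_suspicious_logon(logon):
            continue
        t0, user, origin = _ts(logon["ts"]), logon["user"], logon["host"]
        for proc in events:
            if (proc["source"] != "endpoint" or proc["host"] != origin
                    or proc["user"] != user or _ts(proc["ts"]) < t0
                    or proc["process"].lower() not in REMOTE_ADMIN_TOOLS):
                continue
            m = UNC_HOST.search(proc["cmdline"])
            if not m:
                continue  # local use of the tool, no remote target
            target = m.group(1)
            for auth in events:
                if (auth["source"] == "auth" and auth["host"] == target
                        and auth["user"] == user and auth.get("src_host") == origin
                        and auth.get("logon_type") == 3
                        and _ts(auth["ts"]) >= _ts(proc["ts"])):
                    breakout = (_ts(auth["ts"]) - t0).total_seconds() / 60
                    findings.append({
                        "user": user, "origin": origin, "target": target,
                        "initial_access": logon["ts"], "tool": proc["cmdline"],
                        "breakout_minutes": breakout,
                        "faster_than_report_avg": breakout < REPORT_AVG_BREAKOUT_MIN,
                    })
                    break
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

On the constructed input the only finding is jdoe: external VPN logon without MFA, an admin share mapped to FS-01 nine minutes later, and the matching network logon on FS-01 at eleven minutes, well inside the 62-minute average. mlee's identical tool use produces nothing because the identity context never qualified, which is the whole argument for correlating the sources rather than alerting on any one of them.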
5. Build a cybersecurity culture
Though technology is clearly critical in the fight to detect and stop intrusions, the end user remains a crucial link in the chain to stop breaches. User awareness programs should be initiated to combat the continued threat of phishing and related social engineering techniques. For security teams, practice makes perfect. Encourage an environment that routinely performs tabletop exercises and red/blue teaming to identify gaps and eliminate weaknesses in your cybersecurity practices and response.
Source: CROWDSTRIKE - www.crowdstrike.com