Past year metrics showed adversaries infiltrating US organizations; abusing RMM tools; executing attacks across multiple domains; and targeting cloud control planes
A major cybersecurity firm has released a yearly report on the latest threat-adversary trends, campaigns and tactics, based on its frontline intelligence.
For the seventh consecutive year, technology remained the most-targeted sector in the Americas; Europe, the Middle East and Africa; and Asia Pacific and Japan. Consulting and professional services came second, owing to the volume of sensitive information such firms hold, including strategic plans and trade secrets.
Overall, the firm’s metrics reveal a rise in state-sponsored and cybercrime adversaries exploiting legitimate credentials and identities to evade detection and bypass legacy security controls. Also:
- North Korean threat groups posed as legitimate US employees: over 100 firms, primarily US technology companies, had been infiltrated by operatives who used falsified or stolen identity documents, and insiders, to gain employment as remote IT personnel and then exfiltrate data and carry out other malicious activity.
- Hands-on-keyboard intrusions had increased by 55%: more threat actors had been engaging in interactive intrusions to blend in as legitimate users and bypass legacy security controls, with 86% of them carried out by adversaries seeking financial gain. Increases in such attacks against healthcare (7%) and technology (60%) customers have kept those sectors the most targeted in the cybersecurity firm’s metrics for the seventh year in a row. Adversaries including Chef Spider and Static Kitten (Iran-nexus) had been using legitimate remote monitoring and management (RMM) tools for endpoint exploitation, accounting for 27% of all hands-on-keyboard intrusions.
- Cross-domain attacks have persisted: threat actors have increasingly exploited valid credentials to breach cloud environments and then used that access to attack endpoints, leaving a minimal footprint in each affected domain.
- Cloud adversaries targeted the control plane: cloud-conscious adversaries such as Scattered Spider have leveraged social engineering, policy changes and access to password managers to infiltrate cloud environments, then exploited the connections between the cloud control plane and endpoints to move laterally, maintain persistence and exfiltrate data.
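As an added illustration of the RMM-abuse and cross-domain patterns described in the bullets above (this is example code written for this page, not code from the article or from CrowdStrike's report), the Python below runs two simple detections over constructed sample telemetry: an unapproved-RMM check on endpoint process-creation events, and a pivot check that flags a successful cloud sign-in from an IP not previously seen for that identity followed shortly by an RMM tool launch on an endpoint under the same account. The event schema, the RMM binary list, the per-host allowlist, the known-IP baseline and the sample events are all assumptions constructed for the example.

```python
"""Toy detections for RMM-tool abuse and cloud-to-endpoint pivots.

Everything below (schema, tool list, allowlist, baseline, sample events) is
constructed for this example and is not taken from any vendor report.
"""
from datetime import datetime, timedelta

# Executable names of commonly abused RMM agents (constructed list; extend it
# with whatever your estate actually runs).
RMM_BINARIES = {
    "anydesk.exe", "teamviewer.exe", "screenconnect.clientservice.exe",
    "atera.agent.exe", "splashtop.exe", "rustdesk.exe",
}

# (host, executable) pairs that IT has approved (constructed allowlist).
APPROVED_RMM = {("it-jump-01", "screenconnect.clientservice.exe")}

# Baseline of source IPs previously seen per identity (constructed; uses
# RFC 5737 documentation ranges).
KNOWN_IPS = {"jdoe": {"203.0.113.10"}, "svc-admin": {"203.0.113.20"}}

# Constructed endpoint process-creation events (EDR-style, already normalised).
ENDPOINT_EVENTS = [
    {"ts": "2024-05-02T09:00:00", "host": "it-jump-01", "user": "svc-admin",
     "image": "C:\\Program Files (x86)\\ScreenConnect Client\\ScreenConnect.ClientService.exe"},
    {"ts": "2024-05-02T09:05:00", "host": "fin-ws-17", "user": "jdoe",
     "image": "C:\\Users\\jdoe\\AppData\\Local\\AnyDesk\\AnyDesk.exe"},
    {"ts": "2024-05-02T09:30:00", "host": "fin-ws-17", "user": "jdoe",
     "image": "C:\\Windows\\System32\\notepad.exe"},
]

# Constructed cloud-console sign-in events (identity-provider style).
CLOUD_SIGNINS = [
    {"ts": "2024-05-02T08:40:00", "user": "jdoe", "src_ip": "198.51.100.77", "result": "success"},
    {"ts": "2024-05-02T08:50:00", "user": "svc-admin", "src_ip": "203.0.113.20", "result": "success"},
]


def _ts(value):
    return datetime.fromisoformat(value)


def basename(image):
    """Lower-cased file name of a Windows or POSIX image path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_unapproved_rmm(events):
    """Return (host, user, exe) for every RMM launch not on the allowlist."""
    hits = []
    for e in events:
        exe = basename(e["image"])
        if exe in RMM_BINARIES and (e["host"], exe) not in APPROVED_RMM:
            hits.append((e["host"], e["user"], exe))
    return hits


def detect_cross_domain_pivot(signins, events, window=timedelta(minutes=30)):
    """Flag a cloud sign-in from an IP unknown for that identity that is
    followed within `window` by an RMM launch on an endpoint as the same user.
    """
    rmm_launches = [(_ts(e["ts"]), e) for e in events
                    if basename(e["image"]) in RMM_BINARIES]
    alerts = []
    for s in signins:
        if s["result"] != "success":
            continue
        if s["src_ip"] in KNOWN_IPS.get(s["user"], set()):
            continue  # seen before: not a new-location sign-in
        t0 = _ts(s["ts"])
        for t, e in rmm_launches:
            if e["user"] == s["user"] and t0 <= t <= t0 + window:
                alerts.append({
                    "user": s["user"], "src_ip": s["src_ip"],
                    "host": e["host"], "exe": basename(e["image"]),
                    "delta_min": int((t - t0).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for hit in detect_unapproved_rmm(ENDPOINT_EVENTS):
        print("unapproved RMM:", hit)
    for alert in detect_cross_domain_pivot(CLOUD_SIGNINS, ENDPOINT_EVENTS):
        print("cloud-to-endpoint pivot:", alert)
```

The allowlist keyed on (host, executable) is what keeps the first check usable in an estate where IT legitimately runs an RMM agent on a few jump hosts; the second check is deliberately narrow (same identity, short window, new source IP) because the cross-domain pattern the report describes leaves little on each side to alert on by itself. In practice the event lists would be fed from EDR and identity-provider logs, and the window and baseline would be tuned to your own telemetry.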
According to Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, the firm that released the 2023-2024 metrics from its frontline teams: “In tracking nearly 250 adversaries this past year, a central theme emerged: threat actors increasingly engaging in interactive intrusions and employing cross-domain techniques to evade detection and achieve their objectives.”