The latest edition of the CrowdStrike Global Threat Report comes at an important time for protectors around the world. As organizations focus on managing remote and hybrid teams, operationalizing years of digital transformation and navigating an uncertain global economy, adversaries have become more sophisticated, relentless and damaging in their attacks. As a result, a number of disruptive trends emerged in 2022 that threaten productivity and global stability.
The year started ominously as Russia’s deadly war of aggression in Ukraine brought about a terrible human toll, threatened international order and put countless global organizations at risk of spillover cyberattacks. At the same time, China state-nexus adversaries ramped up their cyber espionage campaigns, and Iranian actors launched destructive “lock-and-leak” operations using ransomware.
These growing nation-state attacks coincided with organizations struggling to manage an explosive landscape of vulnerabilities that amplified systemic risk. The constant disclosure of vulnerabilities affecting legacy infrastructure like Microsoft Active Directory continued to burden security teams and present an open door to attackers, while the ubiquitous Log4Shell vulnerability ushered in a new era of “vulnerability rediscovery,” during which adversaries modify or reapply the same exploit to target other similarly
Even our wins on the security front were tempered by the adversaries’ ability to adapt.
Collaboration between the government and private sector dramatically improved, resulting in the arrest and dismantling of some of the world’s most notorious ransomware gangs — only to see splinter groups recalibrate and flourish.
Stopping breaches requires an understanding of the adversary, including their motivations, techniques and how they’re going to target your organization. Developed based on the firsthand observations of our elite cyber responders and analysts, CrowdStrike’s annual Global Threat Report provides this actionable intelligence to protectors around the world.
Last year, CrowdStrike’s Global Threat Report highlighted that 80% of cyberattacks leveraged identity-based techniques to compromise legitimate credentials and try to evade detection. This year, the report shows adversaries are doubling down on stolen credentials, with a 112% year-over-year increase in advertisements for access-broker services identified in the criminal underground. Organizations armed with this knowledge last year were able to harden their defenses and stay a step ahead of the adversary.
The 2022 cyber threat landscape was defined by persistence, increased target scope and relentless determination. As businesses began to ease pandemic-driven operating environments and adjust to geopolitical shifts and growing economic hardships, adversaries supporting nation-state, eCrime and hacktivist motivations started 2022 with a relentless show of effort that endured throughout the year.
Nation-state adversaries engaged in relentless computer network operations throughout 2022, emphasizing the integral role these operations play in supporting state goals.
Russian state-nexus adversaries combined destructive, espionage and information operations (IO) attacks in constant support of the Ukraine war, and China state-nexus adversaries dominated the cyber threat landscape with a significant increase in espionage operation volume and target scope. Iran continued to focus on regional espionage campaigns and their now-signature destructive “lock-and-leak” operations leveraging ransomware, and Democratic People’s Republic of Korea (DPRK) state-nexus adversaries persisted in cryptocurrency theft campaigns to supplement state funds in the wake of the COVID-19 pandemic and the nation’s long-standing economic hardship.
Over the course of 2022, eCrime adversaries continued to prove their ability to adapt, splinter, regroup and flourish in the face of defensive measures. After some of the biggest and most notorious ransomware enterprise shutdowns, ransomware affiliates moved to new ransomware-as-a-service (RaaS) operations. Additionally, more than 2,500 advertisements for access were identified across the criminal underground, representing a 112% increase compared to 2021 and demonstrating a clear demand for access broker services.
CrowdStrike Intelligence also observed an increase in social engineering using human interaction, such as vishing, to successfully download malware or circumvent multifactor authentication (MFA), proving direct interaction with victims remains a valuable asset to eCrime operations.
Hacktivists in 2022 embraced an environment of misinformation, capitalizing on major geopolitical shifts to relentlessly stoke national unrest and promote specific ideologies.
While much of their activity concentrated on entities within the Russo-Ukrainian region, increased spillover activity involving targeting of near-abroad, European and U.S. entities occurred throughout the latter half of 2022 into 2023.