CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, announced the release of the fourth annual Falcon OverWatch threat hunting report which found a record 50-percent year-on-year increase in hands-on intrusion attempts and distinct changes in attack trends and adversary tradecraft.
Falcon OverWatch threat hunters identified more than 77,000 potential intrusions, or about one potential intrusion every seven minutes. These are instances where proactive, human-led threat hunting uncovered adversaries actively carrying out malicious techniques at various stages of the attack chain, despite attackers’ best efforts to covertly evade autonomous detection methods.
Falcon OverWatch calculated that the breakout time—or the time it takes an adversary to move laterally from initial compromise to other hosts within the victim environment—for eCrime adversaries has fallen to one hour and 24 minutes from one hour and 38 minutes as in the previous report.
It also found that in one-third those eCrime intrusions, the adversary was able to move laterally in under 30 minutes. These findings underline the speed and scale at which threat actors evolve their tactics, techniques and procedures and are capable of bypassing even the most sophisticated technology-based defense systems to successfully achieve their goals.
“Over the past 12 months, the world has faced new challenges spurred by economic pressures and geopolitical tensions, backdropping a threat landscape that is as complicated as ever,” said Param Singh, vice president, Falcon OverWatch at CrowdStrike.
“To thwart brazen threat actors, security teams must implement solutions that proactively search for hidden and advanced attacks every hour of every day. The combination of the CrowdStrike Falcon platform with the telemetry, tooling, threat intelligence and human ingenuity of Falcon OverWatch managed threat hunting protects organizations globally against the most sophisticated and stealthy threats,” he said.
The report includes insights from Falcon OverWatch’s global threat hunting operations from July 1, 2021 through June 30, 2022, and outlines in-depth attack data and analysis, case studies and actionable recommendations.