
CrowdStrike 2024 Global Threat Report

Information Technology 2024-02-28 CrowdStrike SoftGreen

Foreword

The 2024 edition of the CrowdStrike Global Threat Report arrives at a pivotal moment for our global community of protectors. The speed and ferocity of cyberattacks continue to accelerate as adversaries compress the time between initial entry, lateral movement and breach. At the same time, the rise of generative AI has the potential to lower the barrier of entry for low-skilled adversaries, making it easier to launch attacks that are more sophisticated and state of the art.

These trends are driving a tectonic shift in the security landscape and the world. The “good enough” approach to cybersecurity is simply no longer good enough for modern threats. As organizations increasingly move business to the cloud, adversaries are advancing their capabilities to exploit this, and abuse features unique to the cloud. We continue to see identity-based attacks take center stage, as adversaries focus on social engineering attacks that bypass multifactor authentication. The use of legitimate tools to execute an attack, an increasingly prevalent technique, impedes the ability to differentiate between normal activity and a breach.

We are entering an era of a cyber arms race where AI will amplify the impact for both the security professional and the adversary. Organizations cannot afford to fall behind, and the legacy technology of yesterday is no match for the speed and sophistication of the modern adversary.

With the release of the CrowdStrike 2024 Global Threat Report, our elite Counter Adversary Operations team is delivering the actionable intelligence you need to stay ahead of today’s threats and secure your future.

This year’s report provides critical insight and observations into adversary activity, including:

► The tactics and techniques that adversaries use to exploit gaps in cloud protection
► The continued exploitation of stolen identity credentials and increasingly sophisticated methods adversaries use to gain initial access
► The growing menace of supply chain attacks and exploitation of trusted software to maximize the ROI of attacks
► The potential for adversaries to target global elections in a year that has the potential to transform geopolitics around the world for the near future

From Day One, CrowdStrike has said, “You don’t have a malware problem, you have an adversary problem.” We pioneered the concept of adversary-focused cybersecurity because it’s the best way to protect customers and stop breaches. We know the adversary better than anyone, and we use this insight to guide our innovation, protect customers, stop breaches and increase the cost to the adversary.

A secure future requires a strong foundation. This is what we’re delivering with the AI-native CrowdStrike Falcon® XDR platform. We’re driving the convergence of data, cybersecurity and IT, with generative AI and workflow automation built natively within a single, unified platform to give you and your teams the speed you need to beat the adversary.

I hope you find the CrowdStrike 2024 Global Threat Report informative and inspiring in our shared fight against the adversary. CrowdStrike will remain unrelenting in our mission to deliver the security outcome you need most: stopping the breach.

George Kurtz
CrowdStrike CEO/Co-Founder

Table of Contents

Introduction
Naming Conventions
Threat Landscape Overview
2023 Themes
Identity-Based and Social Engineering Attacks
Adversaries Continue to Develop Cloud-Consciousness
Third-Party Relationship Exploitation
Vulnerability Landscape: “Under the Radar” Exploitation
2023 Israel-Hamas Conflict: Cyber Operations Focus on Disruption and Influence
Threats on the 2024 Horizon
eCrime Landscape
Targeted eCrime
Conclusion
Recommendations
CrowdStrike Products and Services
About CrowdStrike

Introduction

As we reflect on the 2023 cyber threat landscape, the theme of stealth prevails. Adversaries have faced a hardening attack surface thanks to advancements in threat defense technology and threat awareness, and they have responded by increasingly adopting and relying on techniques that empower them to move faster and evade detection.

These techniques are evident in the consistent prevalence of eCrime, a highly attractive and lucrative business venture for many criminals. Unsurprisingly, eCrime persisted as the most pervasive threat across the 2023 threat landscape as adversaries leveraged techniques to maximize stealth, speed and impact.

While ransomware remains the tool of choice for many big game hunting (BGH) adversaries, data-theft extortion continues to be an attractive — and often easier — monetization route, as evidenced by the 76% increase in the number of victims named on BGH dedicated leak sites (DLSs) between 2022 and 2023. Access brokers continued to profit by providing initial access to eCrime threat actors throughout the year,