CrowdStrike, a provider of cloud-delivered endpoint, cloud workload, identity, and data protection, has released the fourth annual CrowdStrike Falcon OverWatch threat hunting report, titled Nowhere to Hide: 2022 Falcon OverWatch Threat Hunting Report. The global report reveals a 50% increase in hands-on intrusion attempts year over year (YoY), as well as distinct changes in attack trends and adversary tradecraft. Most notably, Falcon OverWatch threat hunters discovered over 77,000 potential intrusions, or roughly one every seven minutes. These are cases where proactive, human-led threat hunting uncovered adversaries actively carrying out malicious techniques at various stages of the attack chain, despite the attackers’ best efforts to avoid detection by autonomous methods.
Falcon OverWatch calculated that the breakout time (the average time it takes an adversary to move laterally from the initial compromise to other hosts within the victim environment) for eCrime adversaries has decreased to one hour and 24 minutes, down from one hour and 38 minutes reported by Falcon OverWatch in the 2022 CrowdStrike Global Threat Report. Furthermore, Falcon OverWatch discovered that in roughly one-third (30%) of those eCrime intrusions, the adversary was able to move laterally in less than 30 minutes. These findings highlight the speed and scale with which threat actors evolve their tactics, techniques, and procedures (TTPs), and their ability to successfully bypass even the most sophisticated technology-based defense systems.
“Over the past 12 months, the world has faced new challenges spurred by economic pressures and geopolitical tensions, backdropping a threat landscape that is as complicated as ever,” said Param Singh, vice president, Falcon OverWatch at CrowdStrike. “To thwart brazen threat actors, security teams must implement solutions that proactively search for hidden and advanced attacks every hour of every day. The combination of the CrowdStrike Falcon platform with the telemetry, tooling, threat intelligence and human ingenuity of Falcon OverWatch managed threat hunting protects organizations globally against the most sophisticated and stealthy threats.”
Other key findings from the report include:
The report summarizes in-depth attack data and analysis, case studies, and actionable recommendations from Falcon OverWatch’s global threat hunting operations from July 1, 2021 to June 30, 2022.