The abundance of IT systems offers hackers more hiding places than ever. This means they no longer have to look for gaps in your security: they break in through your front door unnoticed.

Cybersecurity is not about malware, but about the adversary. This has been CrowdStrike’s philosophy since its founding in 2011. The security company insists that behind every malware attack, no matter how automated, there is a human behind the controls. To truly understand what you need to defend against, you need to study not just the behavior of malware, but specifically the behavior of human actors.

This message is also clearly reflected in the recently published study Threat Hunting Report. The report provides comprehensive insights into how attackers will operate in 2023, demonstrating once again how hackers continue to reinvent their methods to break into organizations. Dave van den Heuvel, General Manager of CrowdStrike in the Benelux region, also notes this: “In the past, attention was always paid to malware. But attackers are now also entering through the ‘front door’.”

Identity theft is no joke

Typically, you only allow trusted people into your home, so burglars must first pose as a legitimate user. To achieve this, they are after the most valuable asset of all: their (digital) identity. According to the CrowdStrike report, eighty percent of intrusions use stolen credentials.

“Attackers know very well who to attack in your company,” explains van den Heuvel. “Through social engineering attacks, hackers target accounts that have a lot of privileges. With the right permissions, you can move around unnoticed. The attacker is entering the end of the security chain, so to speak.”

Organizations must therefore be vigilant of stolen corporate account credentials. Van den Heuvel: “It is important to monitor in real time which credentials may have been compromised. Once stolen, your account information will be put up for sale on the Internet. Your identity is valuable to criminals because with an authorized account they can break right into your business.”

Dark clouds

Remote and hybrid work has pushed many companies into the cloud at an ever-increasing pace. This transition was necessary, but it was not entirely smooth. Hackers have retrained themselves to become cloud experts and often know companies’ cloud environments better than the employees themselves. This means that the cloud offers new access routes for attackers.

Van den Heuvel makes it clear: “The attack surface is increasing. When we work from home we are given more IT tools and also have to identify ourselves in different ways. This gives attackers more room to hide between systems and move laterally.” In particular, RMM software (remote monitoring and management) Remote management of devices is becoming very popular.

CrowdStrike reports a whopping 312 percent increase in “hostile use” of this type of software. The goal here is again to break in via a known route. “Another big problem is misconfiguration of applications in the cloud,” continues van den Heuvel.

Speed ​​records

Because of all of these factors, attackers seem to be moving faster every year. The average breakout time, which is the time it takes for an attacker to travel from the initial attack to other hosts around the victim, has dropped from 84 minutes to 79 minutes in 2023. This is the lowest average so far. This year, CrowdStrike researchers even set a speed record of seven minutes.

“The fastest eruption we saw lasted barely seven minutes. I find that quite worrying,” says van den Heuvel. “Every organization must ask itself whether it is adequately equipped to stop attacks. Seven minutes isn’t a lot of time. It’s not just about software, but also about processes and people. They still have post-its with passwords on the screen.”

In the past, attention was always paid to malware. But attackers are now also breaking in through the “front door”.

Dave van den Heuvel, Managing Director CrowdStrike Benelux

This is an editorial contribution in collaboration with Crowdstrike. Click here to learn more about the company’s latest Thread Hunting report.