From relentless adversaries to resilient businesses
2022 was a year of explosive, adaptive and damaging threats. Adversaries continue to be relentless in their attacks as they become faster and more sophisticated. CrowdStrike’s 2023 Global Threat Report uncovers notable themes, trends and events across the cyber threat landscape, including:
- 33 newly named adversaries in 2022
- 200+ total adversaries tracked by CrowdStrike
- 95% increase in cloud exploitation
- 112% increase in access broker ads on the dark web
- 84 minutes average eCrime breakout time
- 71% of attacks were malware-free
Key report insights
Adversaries Increase Speed and Sophistication
eCrime adversaries proved relentless in 2022 with faster and more complex operations. The average eCrime breakout time is now 84 minutes, and 71% of attacks CrowdStrike Intelligence detected were malware-free.
Access Broker Boom Accelerated in 2022
Access brokers are threat actors who acquire credentials and access to organizations then provide or sell this access to other actors, including ransomware operators. The number of their ads increased 112% compared to 2021. This spike, along with an increase in social engineering attacks, highlight why identity threat protection is critical to stopping breaches.
Cloud is in the Crosshairs
Cloud exploitation grew by 95% in 2022 as CrowdStrike Intelligence observed a nearly 3x increase in "cloud-conscious" threat actors. Adversary techniques continue to grow more sophisticated for initial access, lateral movement, privilege escalation, defense evasion and data collection.
Vulnerability Reuse Makes Patching a Priority
Adversaries continue to exploit vulnerabilities with greater sophistication, seeking ways to bypass mitigations to target the same vulnerable components multiple times. The architectural weaknesses in legacy technology create systemic risk for organizations that rely on these older systems and are increasingly vulnerable to attacks.