"Identity-Based Attacks Soared in Past Year: Report"

CrowdStrike recently released its 2023 Threat Hunting Report, warning that threat actors have doubled down on identity-based attacks over the past year.  The new report is based on data collected over 12 months between July 1, 2022, and June 30, 2023, and it covers several major topics, including identity threats, cybercrime group techniques and tactics, and Linux and macOS insights and trends.   CrowdStrike found that 62% of interactive intrusions involved the abuse of valid accounts, and 34% of breaches involved the use of domain or default accounts.  In addition, there was a 160% increase in attempts to collect secret keys and other credentials through cloud instance metadata APIs.  Pass-the-hash attacks increased by 200% year-over-year.  CrowdStrike noted that the biggest rise related to identity threats was observed in Kerberoasting attacks, which increased by 583%, with a Russian-speaking ransomware group known as Vice Spider and Vice Society being responsible for 27% of all Kerberoasting attacks.  Kerberoasting is a post-exploitation technique that involves the abuse of the Kerberos network authentication protocol.  CrowdStrike observed a 40% year-over-year increase in interactive intrusions, with the technology sector being the most targeted for the sixth year in a row.  The financial services industry saw the biggest increase in interactive intrusions, at more than 80%.

SecurityWeek reports: "Identity-Based Attacks Soared in Past Year: Report"