Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

33 New Adversaries Identified by CrowdStrike in 2022

CrowdStrike identified 33 new threat actors and campaigns in 2022, including many cybercrime groups and operations.

CrowdStrike on Tuesday published its 2023 Global Threat Report, which reveals that the company is now tracking more than 200 adversaries, after identifying 33 new threat actors and campaigns in 2022.

CrowdStrike told SecurityWeek that 14 of the 33 were actually brand new adversaries or activity, while the rest were linked to previous activity observed prior to 2022. 

More than 20 of the new threats were related to cybercriminal activities — the security firm tracks these as Spiders. The list also includes a Russia-linked group named Gossamer Bear, which has targeted government research labs, logistics companies, military suppliers and NGOs. 

CrowdStrike also added its first Syrian state-sponsored group to its tracker: Deadeye Hawk. The group was previously known as Deadeye Jackal — better known as the Syrian Electronic Army — and was categorized as a hacktivist group, but it has now been renamed and reclassified as a state-sponsored threat actor.  

CrowdStrike’s analysis of the threat landscape in 2022 also showed that cloud exploitation soared, with cloud exploitation cases increasing by 95%. 

In addition, attacks are also increasingly becoming ‘malware free’ — threat actors in many cases abused valid credentials and vulnerability exploitation for initial access rather than malware. Malware-free activity accounted for 71% of CrowdStrike’s detections last year, up from 62% in the previous year. 

The services of initial access brokers were in high demand last year, with the security firm seeing an increase of 112% in the number of ads for such services on the dark web.

There has also been an increase in cybercrime operations where attackers conducted data theft and extortion. The breakout time — the time it takes hackers to move from the initially compromised host to a different host within the victim’s network — has decreased from 98 minutes in 2021 to 84 minutes in 2022. 

Advertisement. Scroll to continue reading.

Average breakout times are important for defenders. If they can respond to an attack within that time window, they are more likely to minimize damage and costs. 

When it comes to state-sponsored activity, CrowdStrike says China was the most active last year, with its espionage operations being observed in nearly all global industry sectors and geographic regions tracked by the company. 

CrowdStrike has also confirmed the findings of other security firms regarding the cyber impact of the Russia-Ukraine war, saying that while Russia’s attacks were not insignificant, their impact was smaller than many expected. 

The full CrowdStrike 2023 Global Threat Report is available in PDF format. 

Related: Cyber Resilience: The New Strategy to Cope With Increased Threats

Related: Cybercriminals, State-Sponsored Threat Actors Exploiting Confluence Server Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Checkmarx has appointed Scott Gainey as Chief Marketing Officer.

Jason Hogg has been named Executive Chairman of CYPFER.

HUB Cyber Security has appointed former PayPal and American Express executive Paul Parisi as its Global Chief Revenue Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.