Connect with us

Hi, what are you looking for?



Identity-Based Attacks Soared in Past Year: Report

Identity-based attacks have soared in the past year, according to CrowdStrike’s 2023 Threat Hunting Report.

CrowdStrike on Tuesday released its 2023 Threat Hunting Report, warning that threat actors have doubled down on identity-based attacks over the past year.

The new report is based on data collected over a 12-month period — between July 1, 2022, and June 30, 2023 — and it covers several major topics, including identity threats, cybercrime group techniques and tactics, as well as Linux and macOS insights and trends.

According to CrowdStrike, 62% of interactive intrusions involved the abuse of valid accounts, and 34% of breaches involved the use of domain or default accounts. In addition, there was a 160% increase in attempts to collect secret keys and other credentials through cloud instance metadata APIs. Pass-the-hash attacks increased by 200% year-over-year. 

The biggest rise related to identity threats was observed in Kerberoasting attacks, which increased 583%, with a Russian-speaking ransomware group known as Vice Spider and Vice Society being responsible for 27% of all Kerberoasting attacks. 

Kerberoasting is a post-exploitation technique that involves the abuse of the Kerberos network authentication protocol. It can be leveraged for privilege escalation and lateral movement, and attacks are not easy to detect due to the fact that Kerberos is widely used and malicious activities blend with regular activity. 

“Windows devices use the Kerberos authentication protocol, which grants tickets to provide users access based on service principal names (SPNs). Kerberoasting specifically involves the theft of tickets associated with SPNs. These tickets contain encrypted credentials that can be cracked offline using brute-force methods to uncover the plaintext credentials,” CrowdStrike explained.

The cybersecurity firm observed a 40% year-over-year increase in interactive intrusions, with the technology sector being the most targeted for the sixth year in a row. The financial services industry saw the biggest increase in interactive intrusions, at more than 80%.

Advertisement. Scroll to continue reading.

The most aggressive state-sponsored threat actors to target the financial sector operate on behalf of North Korea, CrowdStrike said.

The latest threat report also shows a 147% increase in initial access broker ads on the dark web. There has also been an increase of more than 300% in the use of legitimate remote monitoring and management (RMM) tools. 

Related: Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report

Related: Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends

Related: 33 New Adversaries Identified by CrowdStrike in 2022

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.