According to a new report, hackers are getting smarter, and in many cases, they can now hack without malware.
According to the 2023 Global Threat Report by cybersecurity firm CrowdStrike, three-quarters (nearly 71%) of cyberattacks detected in 2022 were launched without malware, up from 62% a year earlier.
According to CrowdStrike, its reporting is based on "billions of daily event data" from the CrowdStrike Falcon Platform and CrowdStrike Falcon OverWatch security products.
Interactive exploits that require keyboard access also increased by 50% year-over-year, the researchers said, illustrating "increasingly sophisticated human enemies trying to bypass antivirus software" and evade threats.
Additionally, according to the report, average penetration time is now down to just 84 minutes from 98 minutes a year ago, meaning cybercriminals are moving faster.
CrowdStrike delved into the state of cybercrime and found that the value and demand for identity and credentials increased 112% in 2022 compared to 2021.
The number of cloud service breaches increased by 95%, while the number of cloud service breaches nearly tripled over the same period.
“Over the past 12 months, a unique set of threats have returned to the forefront of cybersecurity,” said Adam Myers, Director of Analytics at CrowdStrike. Fragmented cybercriminal groups have re-emerged in more sophisticated ways, aggressive threat actors are avoiding patching or mitigating vulnerabilities, and the grave threat of the Russia-Ukraine conflict lurks in more ominous signs. "
"Today's threat actors are smarter, more sophisticated, and better equipped than at any time in the history of cybersecurity," Myers added. Only when organizations understand their rapidly evolving technologies, methodologies, and goals, and apply techniques driven by the latest threat intelligence, can organizations outpace their increasingly tenacious opponents today. "
The number of hacking groups is growing rapidly, researchers say, and they say there will be 33 new adversaries by 2022. According to the report, this is the largest increase researchers have seen in a single year.
Among these threat actors are SCATTERED SPIDER and SLIPPY SPIDER, two groups behind "several high-profile attacks" against telecom and technology companies.
In addition, hackers still use known vulnerabilities and outdated tools. The Log4Shell vulnerability remains a major bug, along with the ProxyNotShell and Follina vulnerabilities.