2023 Threat Hunting Report

The problem isn’t malware — it’s adversaries. To stop these adversaries, security teams must understand how they operate. In the 2023 Threat Hunting Report, CrowdStrike’s Counter Adversary Operations team exposes the latest adversary tradecraft and provides knowledge and insights to help stop breaches.

Covering adversary activity between July 2022 and June 2023, the 2023 Threat Hunting Report is the first to be published by CrowdStrike’s newly unveiled Counter Adversary Operations team, which was officially announced this week at Black Hat USA 2023.

Key findings from the report include:

• 583% increase in Kerberoasting identity attacks highlight massive escalation in identity-based intrusions.

• 312% YoY increase in adversaries leveraging legitimate RMM tools

• The financial industry saw a stunning 80% YoY increase in interactive intrusions

• 3x increase in adversary use of Linux privilege-escalation tool to exploit cloud environments

“In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” said Adam Meyers, head of Counter Adversary Operations at CrowdStrike. “When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”