Whether it’s the Volt Typhoon hack or one of several other attacks targeting the healthcare sector, something has become clear: speed is the name of the game. In addition, there’s been a rise in identity-based attacks aimed at crippling or, at the very least, disrupting public and private-sector operations.
CrowdStrike’s Adam Meyers talks about identity-based attacks with theCUBE.
“We had a customer that on a Monday, hired one of these North Korean remote IT workers,” said Adam Meyers (pictured), senior vice president of Counter Adversary Operations at CrowdStrike Inc. “By Saturday, the laptop that they were being issued was shipped to a laptop farm where it was going to be plugged in. It was plugged in on Saturday. Within an hour, the Overwatch team notified the customer and they were able to terminate the employee. We have gotten pretty fast at stopping the threats.”
Meyers spoke with theCUBE Research’s Dave Vellante and Rebecca Knight at Fal.Con, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the importance of speed in detecting threats, the shift in adversary tactics and the growing role of artificial intelligence in both cyberattacks and defense. (* Disclosure below.)
Identity-based attacks on the rise
A key finding from CrowdStrike’s “2024 Threat Hunting Report” is the growing shift in how adversaries are targeting organizations. Attackers have moved away from traditional methods such as phishing emails containing malware-laden documents. Instead, they are increasingly focusing on identity-based attacks, which involve compromising legitimate credentials to infiltrate systems undetected, according to Meyers.
“They know if they come in with a compromised but legitimate credential, they’ve moved off the X,” he said. “Now, they can continue to operate without being detected. They’re able to operate as a legitimate user who’s just logged in, maybe, from a different location. Identity attacks have been probably the biggest issue I think we’ve covered in that last threat-hunting report.”
Cross-domain threat hunting has emerged as effective against identity-based attacks. By hunting across different domains — whether it’s the endpoint, cloud or hypervisor — organizations can detect malicious activity that might otherwise go unnoticed, Meyers added.
“As you start to bring in the identity protection data and you start to bring in your crowd data from your control plane and you start to bring in VPN concentrator logs, that’s where Next-Gen SIEM infused with intelligence and powered by threat hunting becomes a really critical capability,” he said.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of Fal.Con:
(* Disclosure: CrowdStrike Inc. sponsored this segment of theCUBE.)