A new CrowdStrike report shows criminal hackers are shifting away from ransomware to new, innovative techniques. Those include multifactor authentication (MFA) fatigue, vishing and SIM swapping.

The 2023 CrowdStrike Global Threat Report is the ninth annual edition of the cybersecurity provider’s report on the evolving behaviors, trends and tactics of today’s most feared nation-state, e-crime and hacktivist threat actors globally.

The report found a surge in identity-based threats, cloud exploitations, China-nexus espionage and attacks that re-weaponized previously patched vulnerabilities.

Key CrowdStrike Report Findings

Key findings the CrowdStrike report include:

Data Weaponization

Adam Meyers is CloudStrike‘s head of intelligence.

CrowdStrike’s Adam Meyers

“We are now in a time of data weaponization,” he said. “A lot of the threats that we’ve grown accustomed to, whether it be ransomware or bank fraud and things of that nature, are moving toward data extortion. And to kind of put a number behind that, one of the things that we cover in the report is that we saw a 20% increase in the number of adversaries conducting data theft and extortion without deploying ransomware. So that’s a 20% increase of actors that are not even bothering to deploy ransomware, They’re just stealing the data and threatening to leak it if you don’t pay them.”

Secondly, the bad guys are firmly targeting cloud, Meyers said.

“The total number of cloud exploitation cases – in other words, incidents that we worked or things that we looked at that involved cloud exploitation – grew by 95%, which is pretty significant,” he said. “And the number of cloud-conscious actors or cases involving cloud conscious actors nearly tripled. So more and more threat actors understand how to target the cloud and are doing so effectively. And I think a lot of organizations, a lot of enterprises really aren’t prepared or don’t have good strategies or mitigations in place for that.”

New Adversaries Emerging

Overall, the report makes clear the problem is getting worse, not better, Meyers said.

“We added 33 new adversaries over the course of the last year and we have over 200,” he said. “So that gives you a sense that we’re talking about a significant number of threats that are being added every year. If there’s a 16% year-over-year growth, that’s pretty significant.”

Data extortion is more effective than ransomware, Meyers said. That’s because more companies know how to combat ransomware.

“They have increasingly created robust backup solutions,” he said. “And they’ve put measures in place that prevent ransomware from being as effective in their environment,” he said. “And as a result, the threat actors are not getting the payment amounts and frequency that they would like. Data exploitation is a newer technique. They’ve been playing with it for a few years, but it’s really becoming kind of refined right now and they’ve figured out how to use it.”

The biggest economic impact of cybercrime is coming from China, Meyers said.

“China is one of the countries that conducts economic espionage, where they’ll steal intellectual property from an organization and then use it to generate their own organization in their own business around that intellectual property domestically inside of China,” he said. “One U.S. national security official called it the greatest wealth transfer in the history of the world. And I think that’s right. The Chinese have become prolific at stealing intellectual property, using cyber espionage techniques to win contracts, to expand their influence, and is probably the single greatest threat out there.”