3 spooky stats from CrowdStrike’s 2024 Global Threat Report

CrowdStrike CEO and Founder George Kurtz characterizes this as a pivotal moment in the arms race between cybersecurity defenders and intruders. CrowdStrike’s 2024 Global Threat Report provides a comprehensive look at the state of cyberattacks in the age of generative AI. Throughout are surprising statistics that underscore the need for AI cybersecurity solutions that match the speed and sophistication of the modern adversary. Here, we’ll highlight the most compelling data points from the 2024 Global Threat Report and discuss implications for cybersecurity professionals worldwide. 

Cloud environment intrusions increased by 75% YoY from 2022 to 2023

Cloud-related security breaches surged by 75% YoY between 2022 and 2023. This includes both cloud-conscious attacks and cloud-agnostic attacks. In a cloud-conscious attack, an actor gains access to a victim’s cloud environment and exploits it, while in a cloud-agnostic attack, an actor gains cloud access but does not exploit it. 

Another interesting layer in the rise of cloud-related attacks? The 110% increase in cloud-conscious cases was nearly double that of cloud-agnostic cases, which increased just 60% YoY. That cybercriminals are targeting cloud environments speaks to their preference for identity-based techniques that allow them to bypass traditional cybersecurity protections undetected. 

Victims named on eCrime dedicated leak sites increased by 76% YoY 

The CrowdStrike eCrime Index® (ECX) tracks activity across various eCrime ecosystem segments and calculates the total number of observed ransomware victims. While crime rates stayed steady early in 2023, activity on the ECX spiked in the second half of the year. 

Of particular concern was a rise in big game hunting (BGH) attacks in which massive, coordinated ransomware campaigns target large organizations like governments, major enterprises, and critical infrastructure providers. BGH attacks are the current most significant eCrime threat to organizations across all geographical regions and industries. 

There was also a substantial rise in denial-of-service (DDoS) attacks designed to force a website, computer, or online service offline with a flood of requests, consuming its capacity and rendering it unable to respond to legitimate requests. Late in the year, ECX observed increases in spam email numbers and a rise in the average price for loaders and stealers. 

The increase in BGH attacks, DDoS attacks, and others resulted in a 76% increase in the number of victims named on eCrime dedicated leak sites. Who are the victims? CrowdStrike observed a prevalence of high-revenue US-based private sector targets, many of which were Fortune 500 companies. Additionally, North American financial services victims increased in the second half of 2023.

61% of interactive intrusions occurred in North America, (compared to just 15% in EMEA, 13% in APAC, and 5% in LATAM)

Interactive intrusions are malicious activities where an adversary actively interacts with and executes actions on a host, and a whopping 61% of these attacks occur in North America. Also known as hands-on attacks, interactive intrusions leverage the creativity and problem-solving skills of human adversaries and mimic expected user and administrator behavior. This mimicry makes interactive intrusions much more difficult to defend against. 

After North America, organizations in EMEA were the next most targeted in interactive intrusions (15%), followed by APAC (13%), and then LATAM (5%). The technology, telecommunications, and financial industries were the most frequently targeted in that order. 2023 also saw the average attack breakout time decrease substantially, from 84 minutes in 2022 to 62 minutes in 2023. Incredibly, the fastest observed breakout time observed by CrowdStrike was only 2 minutes and 7 seconds. 

What you can do to protect against rising AI cybersecurity threats

Cloud-based attacks aren’t going anywhere – they’re getting worse. North American corporations, particularly those in the technology sector, need AI cybersecurity partners capable of guarding against today’s potent adversaries. When you partner with Thoropass, you get the benefits of our revolutionary customer-first approach to infosec, which combines AI-infused cybersecurity technology and human expertise in one end-to-end solution that checks all the boxes. 

Just ask the judges at The Cloud Security Awards program, which celebrates pivotal innovations in cloud-based security solutions worldwide each year. In 2024, Thoropass earned the award for the Best Security Compliance in Enterprise. The Cloud Security Awards panel found that Thoropass’s ability to automate compliance assessments, monitoring, policy management, and reporting helps organizations ensure ongoing compliance and reduce the risk of security breaches, setting us apart from our peers.

Whether you work in healthcare, fintech, B2B SaaS, or another industry, we can help ensure your business meets today’s ever-evolving compliance demands. Visit our Customer Stories to learn how businesses use Thoropass to speed through procurement and get compliant with ease. If you’re ready to see what we can do for your business now, talk to one of our experts.

Get started

Multiple frameworks; one audit

Start your multi-framework compliance journey today with seamless end-to-end support

Multi-Framework