As many organizations move to the cloud, CrowdStrike has noticed a significant increase in both opportunistic and targeted attacks against cloud resources, with a large number of these attacks targeting organizations’ Microsoft 365 (M365) infrastructure, often specifically around their business email service, or Exchange Online.

At CrowdStrike, we believe that rigorous, independent testing is a vital part of the security ecosystem. It provides customers with transparency and insight into the critical capabilities required to stop today’s sophisticated threats. That’s why I’m excited to share the results of Round 4 of the MITRE Engenuity ATT&CK Enterprise Evaluation: The CrowdStrike Falcon platform stops breaches with 100% prevention, comprehensive visibility and actionable alerts.

In today’s fast-paced world, mobility, connectivity and data access are essential. As organizations grow and add more workloads, containers, distributed endpoints and different security solutions to protect them, security can quickly become complex. Modern attacks and adversary tradecraft target vulnerable areas to achieve their objectives. Threats can originate at the endpoint to attack the cloud, or cloud-based threats can attack vulnerable endpoints.

CrowdStrike has been recognized as a Leader in the Forrester Wave™ for Cybersecurity Incident Response Services. When it comes to incident response (IR), time is of the essence. The longer it takes to detect threat activity, investigate an incident and remediate systems across highly distributed environments, the deeper into the threat lifecycle the adversary gets.

“In its current CWS offering, the vendor has great CSPM capabilities for Azure, including detecting overprivileged admins and enforcing storage least privilege and encryption, virtual machine, and network policy controls.” – The Forrester Wave™: Cloud Workload Security, Q1 2022 CrowdStrike is excited to announce we have been named a “Strong Performer” in The Forrester Wave:™ Cloud Workload Security, Q1 2022.

In an effort to stay ahead of improvements in automated detections and preventions, adversary groups continually look to new tactics, techniques and procedures (TTPs), and new tooling to progress their mission objectives. One group — known as BlackCat/ALPHV — has taken the sophisticated approach of developing their tooling from the ground up, using newer, more secure languages like Rust and highly customized configuration options per victim.

Threat actors are continuously honing their skills to find new ways to penetrate networks, disrupt business-critical systems and steal confidential data. In the early days of the internet, adversaries used file-based malware to carry out attacks, and it was relatively easy to stop them with signature-based defenses. Modern threat actors have a much wider variety of tactics, techniques and procedures (TTPs) at their disposal.

Threat actors continue to exploit users, devices and applications, especially as more of them exist outside of the traditional corporate perimeter. With employees consistently working remotely, adversaries are taking advantage of distributed workforces and the poor visibility and control that legacy security tools provide.