Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it’s critical to stop them. While Microsoft Active Directory (AD) remains a prime target for attackers, cloud identity stores such as Microsoft Entra ID are also a target of opportunity. The reason is simple: Threat actors increasingly seek to mimic legitimate users in the target system. They can just as easily abuse identities from cloud identity providers as they can in on-premises AD environments.

CrowdStrike and Google Cloud today debuted an expanded strategic partnership with a series of announcements that demonstrate our ability to stop cloud breaches with industry-leading AI-powered protection. These new features and integrations are built to protect Google Cloud and multi-cloud customers against adversaries that are increasingly targeting cloud environments.

CrowdStrike’s mission is to stop breaches. We continuously research and develop technologies to outpace new and sophisticated threats and stop adversaries from pursuing attacks. We also recognize that security is best when it’s a team sport. In today’s threat landscape, technology collaboration is essential to deploy novel methods of analysis and defense.

Securing custom applications in a sea of vulnerabilities is daunting. To make the task even more challenging, the threat to applications continues to grow: 8 out of the top 10 data breaches last year were related to application attack surfaces.1 This blog details two effective strategies for identifying vulnerabilities in custom software applications so they can be quickly addressed.

CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils.

Imagine you’re up against the world’s most advanced adversaries — those that use automation and AI, can drop malware in seconds and break out from compromised endpoints to navigate target environments in just over two minutes. This is a day in the life of a CrowdStrike SOC engineer.

Adversaries have long used social engineering to trick their victims into providing access or information not available to the public. Social engineering continues to prove effective and will likely be a major factor in breaches throughout 2024. The CrowdStrike Incident Response team has dealt with an anomalously high number of successful breaches that originated with social engineering tactics, and we strongly urge security teams to take precautions against them.

The increase in cloud adoption has been met with a corresponding rise in cybersecurity threats. Cloud intrusions escalated by a staggering 75% in 2023, with cloud-conscious cases increasing by 110%. Amid this surge, eCrime adversaries have become the top threat actors targeting the cloud, accounting for 84% of adversary-attributed cloud-conscious intrusions.