Devsig Podcast

CrowdStrike 2024 Threat Hunting Report



This report, based on data collected by CrowdStrike OverWatch from July 1, 2023, to June 30, 2024, details trends in cyber threat activity. The report highlights the increasing sophistication of adversaries, who are using stealth and speed to evade detection. Key findings include a rise in interactive intrusions, cross-domain attacks, and the exploitation of legitimate tools. Here's a summary of the key points:
  • Interactive Intrusions: These intrusions, which involve hands-on-keyboard activity by threat actors within a victim's network, have increased by 55% year-over-year.
  • Cross-Domain Threats: Adversaries are increasingly targeting multiple domains, such as identity, endpoint, and cloud, to evade detection.
  • Insider Threats: There's a rise in threat actors infiltrating organisations through human access, often referred to as "insider threats".
  • Identity-Based Attacks: Threat actors are increasingly using identity-based attacks to gain initial access, targeting unmanaged hosts.
  • Cloud-Based Threats: There has been a 75% increase in cloud environment intrusions.
  • Remote Monitoring and Management (RMM) Tools: Adversaries are increasingly leveraging RMM tools for persistence and initial access.
  • MITRE ATT&CK Framework: The report uses the MITRE ATT&CK framework to categorize adversary behaviour, with Discovery tactics being most observed, as adversaries orient themselves within a network.
  • Adversary Profiling: CrowdStrike profiles over 245 attributed eCrime, targeted intrusion, and hacktivist adversaries.
  • CrowdStrike's Response: CrowdStrike employs proactive threat hunting, threat intelligence, and AI-powered tools to detect and disrupt adversaries.
The report emphasises the need for speed, accuracy, and human ingenuity in countering adversaries, highlighting the importance of threat hunting teams in identifying and disrupting malicious activity.

Devsig Podcast, by Bholendra Singh