Elastic Unveils Its 2024 Worldwide Threat Analysis Report
Elastic, an AI search company, has recently released its 2024 Global Threat Report, offering insights into the current cybersecurity landscape. The report, produced by Elastic Security Labs, is based on over one billion data points and presents a concerning picture of the evolving tactics used by adversaries.
One of the key findings of the report is the growing emphasis on credential access by adversaries. Offensive security tools, such as Cobalt Strike and Metasploit, made up approximately 54% of observed malware alerts in the report. Cobalt Strike, in particular, accounted for 27% of malware attacks, underscoring its popularity among cybercriminals.
The report also reveals that adversaries have been successful in using these offensive security tools (OSTs). This trend of utilizing off-the-shelf tools in attacks is a cause for concern, as it suggests that even sophisticated defenders may struggle to keep up with the growing arsenal of tools available to cybercriminals.
Jake King, Elastic's Head of Threat and Security Intelligence, stated that the findings in the 2024 Elastic Global Threat Report show a continued focus on defender technologies working effectively against adversaries. However, the report also highlights the issue of enterprises misconfiguring cloud environments, which allows adversaries to thrive.
For instance, approximately 44% of Google Cloud users failed checks related to the lack of customer-managed encryption in BigQuery, while nearly 47% of Microsoft Azure failures were due to storage account misconfigurations. On Amazon Web Services (AWS), S3 checks accounted for 30% of failures, owing to security teams not using multifactor authentication.
The report does not provide specific details about the types of enterprises or industries affected by these threats. However, it does indicate a continued emphasis on adversaries investing in legitimate credential gathering to achieve their objectives. This is particularly true in Microsoft Azure environments, where Credential Access accounted for around 23% of all cloud behaviors.
Interestingly, while endpoint behaviors accounted for about 3% of the total behaviors in Linux, 89% of them involved brute-force attacks. There was also a 12% increase in Brute Force techniques in Microsoft Azure, where they made up nearly 35% of all techniques on the platform.
On a positive note, there has been a 6% decrease in Defense Evasion behaviors over the last year. This suggests that defenders are making progress in countering these tactics.
In conclusion, the 2024 Elastic Global Threat Report provides a valuable snapshot of the current cybersecurity landscape. It underscores the need for enterprises to prioritize secure configuration of their cloud environments and to stay vigilant against the use of offensive security tools by adversaries.