Cybersecurity News that Matters

Cybersecurity News that Matters

The 2024 Elastic Global Threat Report: Basic Security Settings Are Easily Exploited by Adversaries

by Business Wire

Oct. 01, 2024
7:47 PM GMT+9

Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface

SAN FRANCISCO–(BUSINESS WIRE)–Elastic (NYSE: ESTC), the Search AI Company, today released its 2024 Elastic Global Threat Report, produced by Elastic Security Labs. Based on observations from over 1 billion data points, the report reveals adversary success from using offensive security tools (OSTs) — testing tools created to proactively identify security flaws — alongside misconfigured cloud environments and a growing emphasis on credential access.




“As a global platform used by more than 200 million people, we’re committed to building the world’s most trusted visual communication platform for our community across the globe. The Elastic Global Threat Report is a great asset that ensures our threat detection stays laser-focused on real-world adversary activity,” said Raymond Schippers, Canva’s Director of Security Engineering for Detection and Response. “Understanding the top adversary techniques in the cloud is critical, and unlike other vendor reports that simply drop a name, Elastic’s diamond models give us a fast, in-depth look at adversary movements, helping us stay ahead of the game.

Key findings in the report include:

Adversaries are utilizing off-the-shelf tools

  • Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts
  • Cobalt Strike accounted for 27% of malware attacks

Enterprises are misconfiguring cloud environments, allowing adversaries to thrive

  • Nearly 47% of Microsoft Azure failures were tied to storage account misconfigurations
  • Nearly 44% of Google Cloud users failed checks coming from BigQuery — specifically, a lack of customer-managed encryption
  • S3 checks accounted for 30% of Amazon Web Services (AWS) failures — specifically a lack of multifactor authentication (MFA) being implemented by security teams

In the wake of successful counters for Defense Evasion, attackers are leaning into legitimate credentials to infiltrate

  • Credential Access accounted for ~23% of all cloud behaviors, primarily in Microsoft Azure environments
  • There was a 12% increase in Brute Force techniques — making up nearly 35% of all techniques in Microsoft Azure
  • While endpoint behaviors accounted for ~3% of the total behaviors in Linux, 89% of them involved brute-force attacks
  • There has been a 6% decrease in Defense Evasion behaviors over the last year

“The discoveries in the 2024 Elastic Global Threat Report reinforce the behavior we continue to witness: defender technologies are working. Our research shows a 6% decrease in Defense Evasion from last year,” said Jake King, head of threat and security intelligence at Elastic. “Adversaries are more focused on abusing security tools and investing in legitimate credential gathering to act on their objectives, which reinforces the need for organizations to have well-tuned security capabilities and policies. “

Additional Resources

About the Report

The 2024 Elastic Global Threat Report is a summary of observations distilled down to a small number of distinct categories. Analyzed with the Elastic Search AI Platform, Elastic telemetry, public, and third-party data is voluntarily submitted to Elastic Security Labs to surface threats. These observations are compiled from more than one billion data points over the last 12 months. All information has been responsibly sanitized where applicable to protect the identities of those involved.

About Elastic

Elastic (NYSE: ESTC), the Search AI Company, enables everyone to find the answers they need in real-time using all their data, at scale. Elastic’s solutions for search, observability and security are built on the Elastic Search AI Platform, the development platform used by thousands of companies, including more than 50% of the Fortune 500. Learn more at elastic.co.

Elastic and associated marks are trademarks or registered trademarks of Elastic N.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.

Contacts

Media Contact
Elastic PR

[email protected]

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Business Wire

    Business Wire, a Berkshire Hathaway company, is the global leader in press release distribution and regulatory disclosure. Public relations, investor relations, public policy and marketing profession...

    View all posts
Author:
Stay Ahead with The Readable's Cybersecurity Insights