Unveiling of Elastic's 2024 Worldwide Threat Predictions
Elastic Releases 2024 Global Threat Report: Shift in Adversary Tactics and Cloud Vulnerabilities
Elastic, an AI search company, has published its 2024 Global Threat Report, revealing a significant shift in the tactics used by cyber adversaries, particularly in the context of misconfigured cloud environments.
The report, produced by Elastic Security Labs, is based on over one billion data points and highlights a growing emphasis on credential access by adversaries. According to the findings, nearly 23% of cloud behaviors in Microsoft Azure were related to Credential Access, with a 12% increase in Brute Force techniques, accounting for nearly 35% of all techniques in the platform.
In Linux environments, endpoint behaviors accounted for approximately 3% of the total behaviors, with 89% of them involving brute-force attacks. However, the report does not provide specific details about the nature of the Brute Force attacks or the Linux environments.
The report suggests that enterprises are misconfiguring their cloud environments, potentially allowing adversaries to thrive. It reveals that adversaries have successfully used offensive security tools (OSTs) to test for security flaws and misconfigured cloud environments. Offensive security tools such as Cobalt Strike and Metasploit accounted for approximately 54% of the malware alerts observed in the report; Cobalt Strike alone accounted for 27% of malware attacks.
Despite these concerning trends, Jake King, Elastic's Head of Threat and Security Intelligence, stated that the findings of the 2024 Elastic Global Threat Report indicate that defender technologies are working. Defense Evasion behaviors decreased by 6% over the last year, although the report does not break that decrease down by cloud platform.
It's important to note that the report does not mention any new or unique offensive security tools used by adversaries, nor does it identify the enterprises involved or describe the nature of the misconfigurations behind the cloud failures it mentions.
The report also suggests a shift in focus by adversaries towards abusing security tools and investing in legitimate credential gathering. This underscores the importance of robust authentication and access control measures for organisations to protect their sensitive data in the cloud.
In recent months, an increased number of brute-force attacks on Linux endpoints have targeted organisations worldwide. Such attacks generally focus on critical infrastructure, government bodies, and essential service providers because of their high-value data; however, the available sources do not identify specific recent victims of Linux brute-force attacks.
As cloud adoption continues to grow, it's crucial for enterprises to prioritise the security of their cloud environments. The 2024 Elastic Global Threat Report serves as a valuable resource for understanding the current threat landscape and taking proactive measures to safeguard against potential cyber threats.