Adversarial groups adapt to exploit systems in new ways

In this Help Net Security video, Jake King, Head of Threat & Security Intelligence at Elastic, discusses the key findings from the 2024 Elastic Global Threat Report.

Adversaries are utilizing off-the-shelf tools
  • Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts
  • Cobalt Strike accounted for 27% of malware attacks
Enterprises are misconfiguring cloud environments, allowing adversaries to thrive
  • Nearly 47% of Microsoft Azure failures were tied to storage account misconfigurations
  • Nearly 44% of Google Cloud users failed checks coming from BigQuery — specifically, a lack of customer-managed encryption
  • S3 checks accounted for 30% of AWS failures, specifically a lack of MFA implemented by security teams
With defenders successfully countering defense evasion, attackers are leaning on legitimate credentials to infiltrate environments
  • Credential access accounted for ~23% of all cloud behaviors, primarily in Microsoft Azure environments
  • There was a 12% increase in brute force techniques — making up nearly 35% of all techniques in Microsoft Azure
  • While endpoint behaviors accounted for ~3% of the total behaviors in Linux, 89% of them involved brute-force attacks
  • There has been a 6% decrease in defense evasion behaviors over the last year
