AI search company Elastic has released its 2024 Global Threat Report, which documents adversaries succeeding with offensive security tools (OSTs), the testing tools built to proactively identify security flaws, alongside widespread cloud misconfiguration and a growing emphasis on credential access.
Produced by Elastic Security Labs and drawing on over one billion data points, key findings include:
- Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up around 54% of observed malware alerts; and
- Cobalt Strike accounted for 27% of malware attacks.
Enterprises are misconfiguring cloud environments, allowing adversaries to thrive.
- Nearly 47% of Microsoft Azure failures were tied to storage account misconfigurations;
- Nearly 44% of Google Cloud users failed checks coming from BigQuery, specifically a lack of customer-managed encryption keys (CMEK); and
- S3 checks accounted for 30% of Amazon Web Services (AWS) failures, specifically buckets on which security teams had not enforced multi-factor authentication (MFA).
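Each of the three cloud findings above is a posture check that can be automated against the providers' own resource descriptions rather than discovered after the fact. The following Python is added here as an example and is not code from Elastic or the report: it evaluates constructed records shaped like the Azure storage account ARM properties, the BigQuery datasets.get response and the S3 get-bucket-versioning output. Reading the report's S3 MFA finding as MFA Delete on versioned buckets, and the particular Azure properties chosen, are assumptions.

```python
"""Cloud posture checks for the three misconfiguration classes above.

Added example, not Elastic's code.  All input records are constructed to
mirror the shape of the providers' API responses; mapping the report's
S3 MFA finding to MFA Delete on versioned buckets is an assumption.
"""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Finding:
    provider: str
    resource: str
    check: str


def check_azure_storage(accounts: Iterable[dict]) -> list[Finding]:
    """Flag storage accounts that allow anonymous blob access, accept plain
    HTTP, or permit TLS below 1.2 (ARM storageAccounts properties).  A
    missing property is treated as the insecure legacy default."""
    findings = []
    for acct in accounts:
        props = acct.get("properties", {})
        if props.get("allowBlobPublicAccess", True):
            findings.append(Finding("azure", acct["name"], "blob_public_access_allowed"))
        if not props.get("supportsHttpsTrafficOnly", False):
            findings.append(Finding("azure", acct["name"], "https_only_disabled"))
        if props.get("minimumTlsVersion", "TLS1_0") != "TLS1_2":
            findings.append(Finding("azure", acct["name"], "weak_minimum_tls"))
    return findings


def check_bigquery_cmek(datasets: Iterable[dict]) -> list[Finding]:
    """Flag datasets with no default customer-managed key, i.e. no
    defaultEncryptionConfiguration.kmsKeyName in the datasets.get body."""
    findings = []
    for ds in datasets:
        ref = ds["datasetReference"]
        key = ds.get("defaultEncryptionConfiguration", {}).get("kmsKeyName")
        if not key:
            findings.append(Finding("gcp", f'{ref["projectId"]}:{ref["datasetId"]}', "bigquery_no_cmek"))
    return findings


def check_s3_mfa_delete(buckets: Iterable[dict]) -> list[Finding]:
    """Flag buckets whose versioning configuration (get-bucket-versioning:
    Status / MFADelete) does not have MFA Delete enabled."""
    findings = []
    for b in buckets:
        ver = b.get("Versioning", {})
        if ver.get("Status") != "Enabled" or ver.get("MFADelete") != "Enabled":
            findings.append(Finding("aws", b["Name"], "s3_mfa_delete_disabled"))
    return findings


# Constructed sample inventory: one compliant and one failing resource per class.
AZURE_ACCOUNTS = [
    {"name": "stprodlogs", "properties": {"allowBlobPublicAccess": False,
     "supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_2"}},
    {"name": "stlegacy", "properties": {"allowBlobPublicAccess": True,
     "supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_0"}},
]
BIGQUERY_DATASETS = [
    {"datasetReference": {"projectId": "example-proj", "datasetId": "billing"},
     "defaultEncryptionConfiguration": {"kmsKeyName":
         "projects/example-proj/locations/us/keyRings/kr/cryptoKeys/bq"}},
    {"datasetReference": {"projectId": "example-proj", "datasetId": "analytics"}},
]
S3_BUCKETS = [
    {"Name": "prod-backups", "Versioning": {"Status": "Enabled", "MFADelete": "Enabled"}},
    {"Name": "scratch", "Versioning": {"Status": "Enabled"}},   # versioned, no MFA Delete
    {"Name": "static-site", "Versioning": {}},                    # never versioned
]


def run_all() -> list[Finding]:
    """Run every check over the sample inventory and return the findings."""
    return (check_azure_storage(AZURE_ACCOUNTS)
            + check_bigquery_cmek(BIGQUERY_DATASETS)
            + check_s3_mfa_delete(S3_BUCKETS))


if __name__ == "__main__":
    for f in run_all():
        print(f"{f.provider:<6}{f.resource:<28}{f.check}")
```

The checks deliberately treat an absent property as a failure: a scanner that defaults missing fields to "secure" will silently pass the oldest, least-touched resources, which are the ones these statistics describe.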
- Credential Access accounted for around 23% of all cloud behaviours, primarily in Microsoft Azure environments;
- There was a 12% increase in Brute Force techniques, making up nearly 35% of all techniques in Microsoft Azure;
- While endpoint behaviours accounted for circa 3% of the total behaviours in Linux, 89% of them involved brute-force attacks; and
- There has been a 6% decrease in Defense Evasion behaviours over the last year.
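The Azure and Linux brute-force figures above describe an attack that is cheap to detect on the endpoint because it leaves a dense trail of authentication failures from one source. The Python below is an added example, not part of the Elastic report, of a sliding-window detector run over constructed sshd auth.log lines; the log lines, host names, test addresses and the 10-failures-in-60-seconds threshold are assumptions.

```python
"""Sliding-window detector for SSH password brute force in Linux auth logs.

Added example, not from the Elastic report.  The log lines are constructed
(RFC 5737 test addresses) and the threshold of 10 failures from one source
within 60 seconds is an assumed tuning value.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Iterable, Iterator

# Traditional syslog line: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
# Only count completed password failures; "Invalid user" lines precede the
# same attempt and would double-count it.
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_failures(lines: Iterable[str], year: int = 2024) -> Iterator[tuple[datetime, str, str]]:
    """Yield (timestamp, source_ip, username) for each failed-password line.
    Syslog omits the year, so it is supplied by the caller."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        f = FAIL_RE.match(m["msg"])
        if not f:
            continue
        ts = datetime.strptime(f'{year} {m["ts"]}', "%Y %b %d %H:%M:%S")
        yield ts, f["ip"], f["user"]


def detect_bruteforce(lines: Iterable[str], threshold: int = 10, window_s: int = 60) -> dict[str, dict]:
    """Return {source_ip: summary} for every source that produced at least
    `threshold` failures inside any `window_s`-second window.  Each source
    keeps a deque of failure times; timestamps older than the window are
    evicted before the count is compared, so a slow guesser never fires."""
    recent: dict[str, deque] = defaultdict(deque)
    users: dict[str, set] = defaultdict(set)
    alerts: dict[str, dict] = {}
    for ts, ip, user in parse_failures(lines):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            # Keep the latest picture of the burst rather than the first trigger.
            alerts[ip] = {"first": q[0], "last": ts, "count": len(q), "users": sorted(users[ip])}
    return alerts


# Constructed sample: a legitimate user mistyping twice, a 12-attempt spray
# from 203.0.113.7 in 33 seconds, and a slow guesser at one try per 2 minutes.
SPRAY_USERS = ["root", "admin", "ubuntu", "root", "test", "oracle",
               "root", "pi", "git", "root", "admin", "root"]
SAMPLE_LOG = [
    "Oct 14 09:12:01 web1 sshd[4021]: Accepted publickey for deploy from 198.51.100.20 port 50122 ssh2",
    "Oct 14 09:12:05 web1 sshd[4025]: Failed password for alice from 198.51.100.20 port 50130 ssh2",
    "Oct 14 09:12:09 web1 sshd[4025]: Failed password for alice from 198.51.100.20 port 50130 ssh2",
    "Oct 14 09:12:11 web1 sshd[4025]: Accepted password for alice from 198.51.100.20 port 50130 ssh2",
] + [
    f"Oct 14 09:15:{3 * i:02d} web1 sshd[{4100 + i}]: Failed password for "
    f"{'' if u == 'root' else 'invalid user '}{u} from 203.0.113.7 port {40000 + i} ssh2"
    for i, u in enumerate(SPRAY_USERS)
] + [
    f"Oct 14 09:{20 + 2 * i}:00 web1 sshd[{4300 + i}]: Failed password for root from 192.0.2.9 port {41000 + i} ssh2"
    for i in range(5)
] + [
    "Oct 14 09:31:00 web1 sshd[4304]: Connection closed by 192.0.2.9 port 41004 [preauth]",
]


if __name__ == "__main__":
    for ip, a in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {a['count']} failures {a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}, users={a['users']}")
```

With the defaults only 203.0.113.7 is reported; the slow guesser at 192.0.2.9 only appears if the window is widened to ten minutes, which is the trade-off a detection engineer tunes between catching low-and-slow guessing and paging on a user who mistypes a password twice.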
“The discoveries in the 2024 Elastic Global Threat Report reinforce the behavior we continue to witness: defender technologies are working,” said Elastic’s Head of Threat and Security Intelligence Jake King. “Our research shows a 6% decrease in Defense Evasion from last year. Adversaries are more focused on abusing security tools and investing in legitimate credential gathering to act on their objectives, which reinforces the need for organisations to have well-tuned security capabilities and policies.”
You can read the full report here.