Elastic report: misconfigurations & OSTs heighten cyber risk
Elastic has released its 2024 Global Threat Report, highlighting that basic security settings are easily exploited by adversaries. The report, produced by Elastic Security Labs, is based on data gathered from over one billion data points and reveals significant insights into the current cybersecurity landscape.
A key finding of the report is that offensive security tools (OSTs) and poorly configured cloud environments are major sources of risk. Approximately 54% of malware alerts observed were attributable to OSTs such as Cobalt Strike and Metasploit; Cobalt Strike alone accounted for 27% of malware attacks.
Misconfigurations in cloud environments also emerged as a notable issue. Nearly 47% of failed Microsoft Azure checks were linked to storage account misconfigurations, while 44% of Google Cloud users failed checks related to BigQuery, specifically because customer-managed encryption keys were not in use. In Amazon Web Services (AWS), 30% of failed checks were due to multifactor authentication (MFA) not having been enabled by security teams.
The report noted a growing emphasis on credential access by attackers. Credential access accounted for approximately 23% of all observed cloud behaviours, with Microsoft Azure environments the primary targets. Brute-force techniques increased by 12% and made up nearly 35% of all techniques observed in Microsoft Azure. On Linux endpoints, credential-access behaviours were only 3% of total endpoint behaviours, but 89% of those were brute-force attacks. In contrast, Defence Evasion behaviours decreased by 6% from the previous year.
"The discoveries in the 2024 Elastic Global Threat Report reinforce the behaviour we continue to witness: defender technologies are working. Our research shows a 6% decrease in Defence Evasion from last year," stated Jake King, head of threat and security intelligence at Elastic. "Adversaries are more focused on abusing security tools and investing in legitimate credential gathering to act on their objectives, which reinforces the need for organisations to have well-tuned security capabilities and policies."
The findings underscore the need for organisations to pay close attention to their cloud configurations and credential management. The prominence of misconfigured storage accounts and the absence of encryption and multifactor authentication in cloud environments highlight areas where security teams should focus their efforts. Adversaries' reliance on offensive security tools suggests that a defensive programme should include not only detection and response but also proactive hardening, so that security tools and configurations cannot themselves be abused.
The report's analysis is derived from the Elastic Search AI Platform, Elastic telemetry, public data, and third-party data submissions.