The 2024 Elastic Global Threat Report: Basic Security Settings Are Easily Exploited by Adversaries
Elastic (NYSE: ESTC) has released its 2024 Elastic Global Threat Report, revealing key cybersecurity trends based on over 1 billion data points. The report highlights three main findings:
1. Adversaries are heavily using offensive security tools (OSTs), with Cobalt Strike and Metasploit accounting for ~54% of observed malware alerts.
2. Cloud environment misconfigurations are creating vulnerabilities, with nearly 47% of Microsoft Azure failures tied to storage account misconfigurations and 44% of Google Cloud users failing BigQuery encryption checks.
3. Attackers are increasingly focusing on credential access, making up ~23% of all cloud behaviors, primarily in Microsoft Azure environments. There's also a 12% increase in Brute Force techniques.
The report notes a 6% decrease in Defense Evasion behaviors over the last year, suggesting that defender technologies are working but adversaries are adapting their strategies.
- Release of comprehensive 2024 Elastic Global Threat Report based on over 1 billion data points
- 6% decrease in Defense Evasion behaviors over the last year, indicating improved defender technologies
- Offensive security tools (OSTs) account for ~54% of observed malware alerts
- High rate of cloud environment misconfigurations, creating vulnerabilities
- 12% increase in Brute Force techniques, making up nearly 35% of all techniques in Microsoft Azure
Insights
The 2024 Elastic Global Threat Report reveals concerning trends in cybersecurity. The prevalence of offensive security tools (OSTs) in
Cloud misconfigurations present a significant vulnerability, with nearly half of Azure and Google Cloud users failing basic security checks. The
The
For Elastic (NYSE: ESTC), this report serves as both a challenge and an opportunity. As a leader in search and analytics, Elastic's insights into global threat landscapes position it well in the cybersecurity market. However, the report's findings may also increase pressure on Elastic to enhance its own security offerings.
The widespread use of OSTs and cloud misconfigurations could drive demand for Elastic's security solutions, potentially boosting revenue. With a market cap of
Investors should watch for Elastic's response to these findings, such as new product announcements or strategic partnerships in cloud security. The company's ability to address these emerging threats could significantly impact its market position and financial performance in the cybersecurity sector.
Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface
“As a global platform used by more than 200 million people, we’re committed to building the world’s most trusted visual communication platform for our community across the globe. The Elastic Global Threat Report is a great asset that ensures our threat detection stays laser-focused on real-world adversary activity,” said Raymond Schippers, Canva’s Director of Security Engineering for Detection and Response. “Understanding the top adversary techniques in the cloud is critical, and unlike other vendor reports that simply drop a name, Elastic’s diamond models give us a fast, in-depth look at adversary movements, helping us stay ahead of the game.”
Key findings in the report include:
Adversaries are utilizing off-the-shelf tools
- Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts
- Cobalt Strike accounted for 27% of malware attacks
Enterprises are misconfiguring cloud environments, allowing adversaries to thrive
- Nearly 47% of Microsoft Azure failures were tied to storage account misconfigurations
- Nearly 44% of Google Cloud users failed checks coming from BigQuery — specifically, a lack of customer-managed encryption
- S3 checks accounted for 30% of Amazon Web Services (AWS) failures — specifically a lack of multifactor authentication (MFA) being implemented by security teams
In the wake of successful counters for Defense Evasion, attackers are leaning into legitimate credentials to infiltrate
- Credential Access accounted for ~23% of all cloud behaviors, primarily in Microsoft Azure environments
- There was a 12% increase in Brute Force techniques — making up nearly 35% of all techniques in Microsoft Azure
- While endpoint behaviors accounted for ~3% of the total behaviors in Linux, 89% of them involved brute-force attacks
- There has been a 6% decrease in Defense Evasion behaviors over the last year
“The discoveries in the 2024 Elastic Global Threat Report reinforce the behavior we continue to witness: defender technologies are working. Our research shows a
Additional Resources
- Download the report to obtain actionable recommendations to address these findings
- Read the blog
About the Report
The 2024 Elastic Global Threat Report is a summary of observations distilled down to a small number of distinct categories. Analyzed with the Elastic Search AI Platform, Elastic telemetry, public, and third-party data is voluntarily submitted to Elastic Security Labs to surface threats. These observations are compiled from more than one billion data points over the last 12 months. All information has been responsibly sanitized where applicable to protect the identities of those involved.
About Elastic
Elastic (NYSE: ESTC), the Search AI Company, enables everyone to find the answers they need in real-time using all their data, at scale. Elastic’s solutions for search, observability and security are built on the Elastic Search AI Platform, the development platform used by thousands of companies, including more than
Elastic and associated marks are trademarks or registered trademarks of Elastic N.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20241001922181/en/
Media Contact
Elastic PR
PR-team@elastic.co
Source: Elastic N.V.