IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Cybersecurity
#
Encryption
#
Financial Systems

Elastic report: misconfigurations & OSTs heighten cyber risk

Today
Author image
By Sean Mitchell, Publisher

Elastic has released its 2024 Global Threat Report, highlighting that basic security settings are easily exploited by adversaries. The report, produced by Elastic Security Labs, is based on data gathered from over one billion data points and reveals significant insights into the current cybersecurity landscape.

A key finding of the report indicates that offensive security tools (OSTs) and poorly configured cloud environments present significant vulnerabilities. Approximately 54% of malware alerts observed were attributable to OSTs, such as Cobalt Strike and Metasploit. Cobalt Strike alone was responsible for 27% of malware attacks.

Misconfigurations in cloud environments also emerged as a notable issue. Nearly 47% of Microsoft Azure failures were linked to storage account misconfigurations, while 44% of Google Cloud users failed checks related to BigQuery, specifically due to a lack of customer-managed encryption. Moreover, Amazon Web Services (AWS) saw that 30% of its checks failed due to the absence of multifactor authentication (MFA) implementation by security teams.

The report noted a growing emphasis on credential access by attackers. Credential access accounted for approximately 23% of all cloud behaviours, with Microsoft Azure environments being the primary targets. Brute force techniques saw a 12% increase, comprising nearly 35% of all techniques used in Microsoft Azure. Endpoint behaviours, though making up only 3% of total behaviours in Linux, were largely dominated by brute-force attacks, encompassing 89% of such instances. In contrast, Defence Evasion behaviours saw a 6% decrease from the previous year.

"The discoveries in the 2024 Elastic Global Threat Report reinforce the behaviour we continue to witness: defender technologies are working. Our research shows a 6% decrease in Defence Evasion from last year," stated Jake King, head of threat and security intelligence at Elastic. "Adversaries are more focused on abusing security tools and investing in legitimate credential gathering to act on their objectives, which reinforces the need for organisations to have well-tuned security capabilities and policies."

The findings underscore the importance for organisations to pay attention to their cloud configurations and credential management. The prominence of misconfigured storage accounts and the neglect of encryption and multifactor authentication in cloud environments highlight areas where security teams need to focus their efforts. The reliance on offensive security tools by adversaries suggests that preventive measures should include not just detection and response but also proactive measures to ensure security tools and configurations are not exploitable.

The report's analysis is derived from Elastic Search AI Platform, Elastic telemetry, public data, and third-party data submissions.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Microsoft launches recall for enhanced PC security & privacy
Portal26 joins AWS ISV Accelerate Program for AI expansion
Portnox enhances security with Microsoft EAM integration
Exclusive: Wasabi's Rob Waite discusses growth, cloud security and customer success
Enhancing data centre security with mobile access control
Top stories
The case for upgrading to a customisable cloud ERP platform
Teletrac Navman debuts consultancy for fleet decarbonisation
Zespri begins next Horizon phase with NZD $3.2m in savings
CorPlan wins contract to supply SkyCity with IBM software
Exclusive: How Partners Life is simplifying the journey to life insurance