Staying up-to-date on the current state of security and the implications of the threat landscape is critical to any security professional. In late 2022, Elastic published its inaugural global threat report: a summary of threat trends, forecasts, and recommendations based on analyzing millions of telemetry events shared by users around the world.
Helping security leaders navigate today’s threat landscape
Threat intelligence resources like the 2022 Elastic Global Threat Report are critical to helping security teams evaluate their organization’s visibility, capabilities, and expertise in identifying and preventing cybersecurity threats. Such a report also helps answer questions such as:
- How is your environment impacted by the current and emerging threats identified in this report?
- Does this new information change your risk profile and impact risk analysis?
- What adjustments do you need to make to your controls?
- Are you lacking visibility in any areas?
- Do you have the right detections in place?
The threat report included six key forecasts and recommendations for strategists and practitioners to stay better informed of potential directions that threat actors may focus on in 2023 and beyond.
Key learnings from the inaugural Global Threat Report
- Nearly 41% of credential access alerts involved attempts to steal application access tokens rather than other credential material
- A combined 72% of all defense evasion techniques consisted of masquerading and system binary proxy execution techniques
- Cobalt Strike was the most popular malicious payload for Windows endpoints, accounting for ~35% of all detections
Global Threat Report Spring 2023 reveals malware and cloud trends
The new online and interactive Spring 2023 Edition of this report was recently introduced and includes additional data: findings that were both forecast and unexpected.
First, let’s talk about malware:
- We observed consistent trends throughout 2022, with the same approximate ratios of different malware types in all geographies
- Trojans, cryptominers, and ransomware held the top spots
- Linux and Windows continued to see higher rates of malware than macOS
Next, consider these cloud observations:
- Credential access attempts beat out every other tactic category for Microsoft Azure, Google Cloud, and AWS as forecast
- Brute force techniques remained steady along with token theft
But there were also a few new findings:
- Impairing defenses by tampering with cloud logging functionality was one of the most common techniques we observed in the later part of 2022 and continues into 2023
- This likely reduces visibility into other techniques, because the data sources they would be observed in go missing, and is potentially a reaction to improvements in cloud logging
- XMRig prevalence exploded on macOS, likely as a result of macroeconomic conditions
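The logging-tampering finding above is the one a cloud defender can most directly turn into a detection, and it also speaks to the earlier question of whether the right detections are in place. What follows is an added example, not Elastic's code and not taken from the report: a small Python detection that flags AWS CloudTrail-style records in which trail logging is stopped, deleted, or narrowed. The event names (StopLogging, DeleteTrail, UpdateTrail, PutEventSelectors) are real CloudTrail management events; the sample records, the account and principal names, and the choice of which UpdateTrail parameters count as weakening coverage are assumptions made for this example.

```python
"""Flag cloud-logging tampering in CloudTrail-style JSON records.

Added example only: not Elastic's code and not part of the Global Threat
Report. Assumes records use CloudTrail's management-event field names
(eventSource, eventName, userIdentity.arn, requestParameters, errorCode).
All sample records below are constructed for illustration.
"""
import json
from collections import Counter

# CloudTrail API calls that stop, remove, or weaken trail logging.
# The event names are real; grouping them as "tampering" is our assumption.
TAMPERING_EVENTS = {
    "StopLogging": "logging stopped",
    "DeleteTrail": "trail deleted",
    "UpdateTrail": "trail coverage reduced",
    "PutEventSelectors": "event selectors changed",
}

# Constructed sample records (account id and principal names are placeholders).
SAMPLE_EVENTS = [
    {"eventTime": "2023-03-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/example-user"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2023-03-01T10:01:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/example-user"},
     "requestParameters": {"name": "org-trail"}, "errorCode": "AccessDenied"},
    {"eventTime": "2023-03-01T10:02:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "UpdateTrail",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:role/cloud-admin"},
     "requestParameters": {"name": "org-trail", "isMultiRegionTrail": False}},
    {"eventTime": "2023-03-01T10:03:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "UpdateTrail",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:role/cloud-admin"},
     "requestParameters": {"name": "org-trail", "isMultiRegionTrail": True}},
    {"eventTime": "2023-03-01T10:04:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DescribeTrails",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/auditor"}},
    {"eventTime": "2023-03-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/auditor"}},
]


def _update_weakens_coverage(params):
    """UpdateTrail is routine; only treat it as tampering when it narrows
    what the trail records (assumption: multi-region or log-file validation
    being switched off)."""
    return (params.get("isMultiRegionTrail") is False
            or params.get("enableLogFileValidation") is False)


def find_log_tampering(records):
    """Return one finding per record that stops, deletes, or weakens a trail.

    Denied attempts (errorCode present) are kept and marked succeeded=False:
    a failed StopLogging is still a strong signal of intent.
    """
    findings = []
    for r in records:
        if r.get("eventSource") != "cloudtrail.amazonaws.com":
            continue
        name = r.get("eventName")
        if name not in TAMPERING_EVENTS:
            continue
        params = r.get("requestParameters") or {}
        if name == "UpdateTrail" and not _update_weakens_coverage(params):
            continue
        findings.append({
            "time": r.get("eventTime"),
            "actor": (r.get("userIdentity") or {}).get("arn", "unknown"),
            "event": name,
            "trail": params.get("name"),
            "description": TAMPERING_EVENTS[name],
            "succeeded": "errorCode" not in r,
        })
    return findings


def count_by_actor(findings):
    """Group findings by principal so repeated attempts stand out."""
    return Counter(f["actor"] for f in findings)


def load_jsonl(text):
    """Parse newline-delimited JSON, the shape many log pipelines export."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    hits = find_log_tampering(SAMPLE_EVENTS)
    for h in hits:
        status = "ok" if h["succeeded"] else "DENIED"
        print(f'{h["time"]} {h["actor"]} {h["event"]} ({h["description"]}) [{status}]')
    print(count_by_actor(hits))
```

Run as a script, the sample set yields three findings (a successful StopLogging, a denied DeleteTrail, and an UpdateTrail that turns off multi-region coverage); the benign UpdateTrail, the read-only DescribeTrails, and the EC2 call are ignored. The point of keeping denied attempts is that, as the report notes, tampering removes the very data source later techniques would show up in, so the attempt itself is the signal worth alerting on.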
Defense evasion is still the top tactic for endpoint, credential access is still king of cloud, and malware trends have stayed pretty consistent. Check it out yourself and learn a little bit about how Elastic’s Canvas technology simplifies visualization.
Elastic Security Labs regularly researches the newest threat groups, campaigns, and malware. We support our community and users by distributing decision-making intelligence about the threat landscape via Elastic Security Labs.
To stay in the know on the latest, subscribe to Elastic Security Labs’ quarterly newsletter.