The 2022 Elastic Global Threat Report found that nearly 33% of attacks in the cloud leverage credential access, indicating that users often overestimate the security of their cloud environments and consequently fail to configure and protect them adequately. 

Key findings of the report center on three primary trends: the role of human error in increasing cloud security risks, commercial software being used maliciously, and endpoint attacks becoming more diverse due to the high efficacy of most endpoint security software.

And while commercial adversary simulation software such as Cobalt Strike is helpful to many teams’ defense of their environments, it is also being used as a malicious tool for mass-malware implants.

Other findings from the Elastic report include:

[Image omitted. Source: Elastic.]

Lastly, more than 50 endpoint infiltration techniques are being utilized by threat actors, suggesting that endpoint security is working well, as its sophistication requires threat actors to continually find new or novel methods of attack to be successful.

Methodology

The report was produced by Elastic Security Labs, the company’s threat research, malware analysis, and detection engineering team, and compiled using telemetry from worldwide deployments of Elastic Security from August 2021 to August 2022.
