
Elastic Global Threat Report 2023 Reveals Dominance of Ransomware

    Elastic (NYSE: ESTC) ("Elastic"), the company behind Elasticsearch, today announced its second Elastic Global Threat Report, issued by Elastic Security Labs. Based on observations from more than 1 billion data points over the last 12 months, the report reveals ransomware is expanding and diversifying; more than half of all observed malware infections were on Linux systems; and credential access techniques have become an essential part of the cloud intrusion process.

    Key findings from the report include:

    Malware Trends

    The majority of malware observed was composed of a small number of highly prevalent ransomware families and commercial off-the-shelf (COTS) tools. As financially motivated threat communities adopt or offer malware-as-a-service (MaaS) capabilities, enterprises should heavily invest in developing security functions with broad visibility of low-level behaviors to expose previously undiscovered threats.

    • BlackCat, Conti, Hive, Sodinokibi and Stop are the most prevalent ransomware families we identify through signatures, amounting to about 81% of all ransomware activity.
    • COTS malware capabilities like Metasploit and Cobalt Strike represented 5.7% of all signature events. On Windows, these families amounted to about 68% of all infection attempts.
    • Around 91% of malware signature events came from Linux endpoints, while Windows endpoints accounted for only about 6%.

    Endpoint Behavior Trends

    The most sophisticated threat groups evade security by withdrawing to edge devices, appliances, and other platforms where visibility is at its lowest. The report highlights the need for enterprises to evaluate how tamper-resistant their endpoint security sensors are, and to consider monitoring projects that track vulnerable device drivers used to disable security technologies. In addition, organizations with large Windows environments should track vulnerable device drivers that can be abused to disable these essential technologies.

    • When looked at together, Execution and Defense Evasion make up more than 70% of all endpoint alerts.
    • Windows endpoints were the top adversary target, accounting for 94% of all endpoint behavior alerts, followed by macOS at 3%; Windows was also where Elastic observed the widest range of distinct techniques.
    • macOS-specific credential dumping accounted for 79% of all credential access techniques observed, an increase of approximately 9% since last year. Among credential dumping attempts in Windows environments, ProcessDump.exe, WriteMiniDump.exe, and RUNDLL32.exe were the tools used more than 78% of the time.
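The three Windows binaries named in the credential-access finding can be turned directly into a process-creation check. The following is an added example written for this page, not code from Elastic or the report: it scans constructed, Sysmon-style process-creation events (field names Image, CommandLine and ParentImage are assumed, as are the command-line syntaxes of ProcessDump.exe and WriteMiniDump.exe, which are illustrative) and flags the LSASS-dumping patterns. rundll32.exe is so common that it is only reported when it invokes the comsvcs.dll MiniDump export; the two dedicated dumping tools are reported whenever they run, with a higher severity when lsass is named on the command line.

```python
import re
from pathlib import PureWindowsPath
from typing import Optional

# Image names called out in the report's Windows credential-dumping finding.
DUMP_TOOLS = {"processdump.exe", "writeminidump.exe", "rundll32.exe"}

# rundll32 is ubiquitous, so it only counts when it calls the comsvcs.dll
# MiniDump export, either by name or by ordinal (#24).
COMSVCS_MINIDUMP = re.compile(r"comsvcs(\.dll)?\s*,?\s*(#24|minidump)\b", re.IGNORECASE)
LSASS = re.compile(r"\blsass(\.exe)?\b", re.IGNORECASE)


def classify(event: dict) -> Optional[str]:
    """Return a verdict string for a process-creation event, or None if benign."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    cmd = event.get("CommandLine", "")
    if image not in DUMP_TOOLS:
        return None
    if image == "rundll32.exe":
        # MiniDump takes a PID, so the target is not visible by name; the
        # export itself is the indicator.
        if COMSVCS_MINIDUMP.search(cmd):
            return "high: rundll32 comsvcs.dll MiniDump (process memory dump by PID)"
        return None
    if LSASS.search(cmd):
        return f"high: {image} targeting lsass"
    return f"medium: {image} executed (dumping tool present; verify target process)"


def scan(events: list) -> list:
    """Return (index, verdict) pairs for every event that classify() flags."""
    return [(i, verdict) for i, ev in enumerate(events) if (verdict := classify(ev))]


# Constructed sample events (not real telemetry). Paths and argument syntax for
# ProcessDump.exe and WriteMiniDump.exe are hypothetical.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 624 C:\Temp\l.dmp full",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Tools\ProcessDump.exe",
     "CommandLine": r"ProcessDump.exe lsass.exe C:\Users\Public\l.dmp",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Tools\WriteMiniDump.exe",
     "CommandLine": r"WriteMiniDump.exe 4132 C:\Users\Public\app.dmp",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r"chrome.exe --type=renderer",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]


if __name__ == "__main__":
    for idx, verdict in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {verdict}")
```

In production the PID passed to MiniDump would be resolved against process telemetry to confirm whether it is lsass; the check above deliberately does not assume that enrichment is available and flags the comsvcs export on its own.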

    Cloud Security Trends



    Business Wire (English)