The 2024 Elastic Global Threat Report: Forecasts and recommendations

Yesterday, Elastic Security Labs released the 2024 Elastic Global Threat Report, a comprehensive look at more than 1 billion data points from Elastic’s unique telemetry. The report provides insights into the methods, techniques, and trends of threat actors from the perspective of defenders — giving crucial insights for security teams to prioritize and improve their security posture. 

The observations in this report are based on anonymized and sanitized telemetry from Elastic as well as public and third-party data that has been voluntarily submitted. The telemetry has been extensively reviewed by our experts in Elastic Security Labs and distilled into actionable insights for our customers, partners, and the security community at large.

Telemetry found that security teams are too permissive of cloud service provider (CSP) resources, which increases the risk of future data exposure

We observed that cloud security posture settings were consistently misconfigured across all hyperscalers. In one form or another, users misconfigured the same capabilities of all CSPs:

Permissive access policies allowed logins from anywhere

Permissive storage policies allowed file operations from accounts of all kinds

Relaxed data handling policies or weak encryption

Enterprises balancing usability and the overhead of securing critical resources may struggle to prioritize an aggressive posture or prioritize it consistently. In many cases, audits and guidance are well understood and widely available at no cost.
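One way to audit for the three misconfiguration classes listed above, as an added example that is not taken from the report or from Elastic. It assumes a simplified, AWS-like inventory shape; the resource names, the sample data and the function names are constructed for illustration. The encryption check covers only missing encryption at rest.

```python
import ipaddress

# Constructed sample inventory in a simplified, AWS-like shape (an assumption:
# the report names no provider or schema). All names are hypothetical.
INVENTORY = {
    "security_groups": [
        {"id": "sg-admin", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-rdp", "ingress": [{"port": 3389, "cidr": "10.0.0.0/8"}]},
    ],
    "buckets": [
        {"name": "reports", "encryption": None,
         "policy": [{"Effect": "Allow", "Principal": "*", "Action": "s3:*"}]},
        {"name": "backups", "encryption": "aws:kms",
         "policy": [{"Effect": "Allow", "Action": "s3:GetObject",
                     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]},
    ],
}
LOGIN_PORTS = {22, 3389}  # SSH and RDP, the interactive login services

def is_world_open(cidr):
    # A zero-length prefix (0.0.0.0/0 or ::/0) matches every source address.
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def is_any_principal(principal):
    # "*" or {"AWS": "*"} applies the statement to accounts of all kinds.
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any(v == "*" or (isinstance(v, list) and "*" in v) for v in values)

def audit(inventory):
    """Return (resource, finding) pairs for the three misconfiguration classes."""
    findings = []
    for sg in inventory["security_groups"]:
        for rule in sg["ingress"]:
            if rule["port"] in LOGIN_PORTS and is_world_open(rule["cidr"]):
                findings.append((sg["id"], "login-from-anywhere"))
    for bucket in inventory["buckets"]:
        for stmt in bucket["policy"]:
            if stmt["Effect"] == "Allow" and is_any_principal(stmt["Principal"]):
                findings.append((bucket["name"], "storage-open-to-all"))
        if not bucket["encryption"]:
            findings.append((bucket["name"], "no-encryption-at-rest"))
    return findings

if __name__ == "__main__":
    for resource, finding in audit(INVENTORY):
        print(f"{resource}: {finding}")
```

The public HTTPS rule on sg-web and the internal-only RDP rule on sg-rdp are deliberately not flagged: the check targets login services reachable from any address, not every open port.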

Adversaries will triple-down on Defense Evasion, especially techniques that hinder sensor visibility

The most common Defense Evasion signals were seen on Windows systems and generally involved a trio of techniques: Process Injection, System Binary Proxy Execution, and Impair Defenses. Collectively, these three techniques can be used to gain an initial foothold with sufficient privileges to tamper with or blind instrumentation before data can be sent to a data repository.

Stay ahead of attackers with the 2024 Elastic Global Threat Report

These forecasts provide just a brief snapshot of the threats, attackers, and defenses that we expect to be in play in the coming year. To see the other forecasts and a detailed overview of the security landscape, you can access the full 2024 Elastic Global Threat Report.

The release and timing of any features or functionality described in this post remain at Elastic’s sole discretion. Any features or functionality not currently available may not be delivered on time or at all.
