It's been a few weeks since we published the Global Threat Report here at Elastic Security Labs, and we're immensely happy with the feedback, responses and commentary from the security community. Building reports such as this has not only opened our eyes to the effectiveness of sharing our knowledge, but encouraged us to further our initiatives in Open Security.
This report consisted of hundreds of hours of research and analysis to effectively break down a number of the trends we've observed in our Elastic Security Labs threat research team, extending our commitment to Open Security.
Open Security, a methodology that shifts the dynamic of a security company's relationship with its customers, has the potential to transform the cybersecurity industry by bringing security practitioners together to create a more resilient response to enterprise threats.
In today's post, we plan on sharing a few of the key forecasts and recommendations from the report. That being said, in the spirit of being open, you're able to download the complete report here if you'd like to skip ahead!
There's no question that adversarial groups targeting organizations leverage Identity Asset Management (IAM) credentials as both an entry point and a lateral-movement tactic. This continued trend is mostly observed as an alternative to the exploitation of services.
The good news is that with simple hardening and minimization, alongside increased visibility, teams struggling with this potential entry point can get in front of targeting faster, making it much more difficult for the adversary to act on their objectives.
Often leveraged after an IAM compromise, privileged accounts are used as a mechanism for lateral movement or privilege escalation. Once access is gained, adversaries often probe for sensitive roles and entitlements, which can be easily leveraged to gain further entry into an environment.
As we've mentioned previously, hardening, minimization and visibility are critical here: ensuring that mitigations are in place to defend against known weaknesses, alongside careful observation of account actions, remains paramount.
Linux, Linux, Linux! The more we observe Linux-based workloads, the more we see interesting and increasingly sophisticated adversarial behavior. Cloud environments are often rich with Linux systems operating in critical roles that nonetheless remain second-class when it comes to defensibility.
Ensuring that observability and prevention mechanisms are configured for running workloads and containers remains an incredibly important step in keeping these systems secure.
Outside of reviewing the 2022 Global Threat Report, we'd highly suggest paying a visit to Elastic Security Labs, where you're able to read far more in-depth information about the adversarial groups, payloads and tactics we're observing, and ask questions of the experts authoring this content.
We'd love to hear your feedback and thoughts, so feel free to leave us a comment or suggestion!