"Elastic Report: Nearly 33% Of Cyberattacks in the Cloud Leverage Credential Access"

According to the 2022 Elastic Global Threat Report, almost 33 percent of cloud attacks use credential access, suggesting that users often overestimate the security of their cloud environments and, as a result, fail to configure and protect them adequately. The report's key findings center on three primary trends: the role of human error in increasing cloud security risks, malicious use of commercial software, and endpoint attacks becoming more diverse due to the high efficacy of most endpoint security software. While commercial adversary simulation software like CobaltStrike helps many teams defend their environments, it is also being used as a malicious tool for mass-malware implants. Windows endpoints accounted for 54 percent of all malware infections, while 39 percent occurred on Linux endpoints. Meterpreter contributed the most Linux-based malware/payloads (14 percent), followed by Gafgyt (12 percent) and Mirai (10 percent). With 35 percent of all detections, CobaltStrike was the most common malicious binary or payload for Windows endpoints, followed by AgentTesla at 25 percent and RedLineStealer at 10 percent. In addition, threat actors are using more than 50 endpoint infiltration methods, indicating that endpoint security is effective, as its sophistication requires threat actors to constantly find new ways to make their attacks successful. This article continues to discuss key findings from the 2022 Elastic Global Threat Report.

VB reports "Elastic Report: Nearly 33% Of Cyberattacks in the Cloud Leverage Credential Access"

Submitted by Anonymous on