"33% Of Attacks in the Cloud Leverage Credential Access"

The Elastic Global Threat Report 2022 details the evolving nature of cybersecurity threats as well as the increased sophistication of cloud and endpoint-related attacks. Thirty-three percent of cloud attacks use credential access, suggesting that users overestimate the security of their cloud environments and, as a result, fail to configure and protect them adequately. Fifty-eight percent of initial access attempts used a combination of traditional brute-force attempts and password spraying using previously compromised credentials. AWS accounted for nearly 57 percent of cloud security telemetry, followed by Google Cloud (22 percent) and Azure (21 percent).

Although commercial adversary simulation software such as CobaltStrike helps many teams defend their environments, it is also being used as a malicious tool for mass-malware implants. According to Elastic Security Labs, CobaltStrike was the most common malicious binary or payload for Windows endpoints, making up nearly 35 percent of all detections, followed by AgentTesla at 25 percent and RedLineStealer at 10 percent.

Threat actors use more than 50 endpoint infiltration techniques, which indicates that endpoint security is effective: its sophistication forces threat actors to keep finding new or novel methods of attack in order to succeed. While credential access techniques have been a priority for attackers, their investment in defense evasion techniques shows a reaction to security technology advancements that have impacted their success. When combined with execution techniques, defense evasion techniques let attackers circumvent advanced endpoint controls while remaining undetected within organizations' environments.

This article continues to discuss key findings from the 2022 Elastic Global Threat Report.

Help Net Security reports "33% Of Attacks in the Cloud Leverage Credential Access"

Submitted by Anonymous on