Nearly 33% of attacks in the cloud were found to use credential access, according to the 2022 Elastic Global Threat Report.
This finding shows that users frequently overestimate the security of their cloud environments and consequently fail to configure and protect them appropriately. Windows endpoints accounted for 54% of all malware infections, while Linux endpoints accounted for 39%.
Meterpreter accounted for the largest share of malware and payloads on Linux, at 14%, followed by Gafgyt with 12% and Mirai with 10%.
With 35% of all detections, CobaltStrike was found to be the most frequently used malicious binary or payload for Windows endpoints, followed by AgentTesla (at 25%) and RedLineStealer (at 10%).
Lastly, more than 50 endpoint infiltration techniques are being utilized by threat actors, suggesting that endpoint security is working well, as its sophistication requires threat actors to continually find new or novel methods of attack to be successful.
The report was produced by Elastic Security Labs, the company’s threat research, malware analysis, and detection engineering team, and compiled using telemetry from worldwide deployments of Elastic Security from August 2021 to August 2022.
Read the full report from Elastic.