Analyst(s): Krista Case
Publication Date: October 17, 2024
Elastic Security Labs’ 2024 Global Threat Report details significant trends in the cybersecurity landscape, focusing on the misuse of offensive security tools, cloud security vulnerabilities, and increasing credential access attacks. With recommendations for enhancing defenses, the report underscores the importance of auditing cloud configurations, monitoring credentials, and leveraging generative AI for defense strategies.
What is Covered in this Article:
- Key findings from the 2024 Elastic Global Threat Report
- Offensive security tools (OSTs): misuse and impact
- The rise of cloud security misconfigurations
- Credential access attacks, particularly on cloud and endpoints
- The role of generative AI in both offense and defense
The News: The 2024 Elastic Global Threat Report, published by Elastic Security Labs, highlights the most critical threats and trends organizations must prepare for in the upcoming year. The report identifies the growing use of offensive security tools such as Cobalt Strike and Metasploit, which account for over 54% of observed malware.
Additionally, misconfigurations in cloud environments leave many organizations vulnerable, with storage-related failures topping the list of missteps across major platforms such as AWS, Microsoft Azure, and Google Cloud. The report also emphasizes attackers’ increasing reliance on credential access techniques, with a sharp rise in brute force and unsecured credential attacks in both cloud and endpoint environments.
Elastic’s extensive network of users and third-party integrations has allowed the company to gather vast amounts of data, which it shares with the broader cybersecurity community through reports like this. The global overview provided in the 2024 Elastic Global Threat Report is based on Elastic’s foundation in search technologies, enabling unparalleled visibility into cyber threats.
Elastic’s 2024 Global Threat Report Reveals Key Cybersecurity Trends
Analyst Take: Elastic’s 2024 Global Threat Report presents a comprehensive overview of current cybersecurity challenges, with clear action points for organizations to mitigate evolving threats. The prominence of offensive security tools as a significant threat highlights the urgent need for security teams to stay ahead of adversaries using legitimate tools for malicious purposes.
Misconfigurations in cloud environments remain a significant weak point, especially given the rapid migration to cloud services. The report’s focus on credential access attacks further emphasizes the need for organizations to strengthen their authentication practices, especially as brute force attacks become more sophisticated. Overall, Elastic’s insights underscore the importance of proactive security measures and constant vigilance in defending against adversarial techniques.
Malware Trends: The Rise of Offensive Security Tools
A significant finding in the 2024 Elastic Global Threat Report is the prevalence of offensive security tools (OSTs) such as Cobalt Strike and Metasploit, which comprise a substantial portion of observed malware activity. Initially designed to help security professionals assess vulnerabilities, these tools are now leveraged by threat actors for malicious purposes. According to the report, OSTs accounted for approximately 54% of all malware-related alerts, signaling a clear shift in how adversaries approach attacks.
Because OSTs are legitimate security tools, their misuse is difficult for organizations to distinguish from sanctioned activity. The report emphasizes that security teams must understand how these tools function in order to better identify when they are being used maliciously. This highlights the need for advanced training and awareness among cybersecurity professionals, ensuring they can distinguish between legitimate and malicious use of these technologies.
Generative AI: A Double-Edged Sword
The role of generative AI in cybersecurity has been a topic of ongoing debate, and the 2024 Elastic Global Threat Report adds valuable insights to this conversation. While generative AI has undoubtedly provided threat actors with new opportunities for social engineering and malware development, ultimately improving the quality and sophistication of social engineering attacks, Elastic researchers did not observe a significant rise in infection rates over the past year. Moreover, the report highlights that defenders have also benefited from generative AI, using it to automate complex tasks, analyze vast amounts of security data, and quickly respond to emerging threats. The Futurum Group’s recommendations align with those of the report – which is for organizations to invest in staying current on threat intelligence and attack detection, while maintaining robust security protocols. In today’s era, we note the particular relevance of strong identity and access control.
Cloud Security: The Misconfiguration Epidemic
Cloud environments remain a primary focus for threat actors and defenders, and the report offers a sobering look at cloud security. One of the most critical issues highlighted is the widespread misconfiguration of cloud resources, which gives adversaries openings to exploit.
Elastic Security Labs’ telemetry data shows that organizations often over-rely on built-in security controls provided by cloud service providers (CSPs), leading to critical gaps in their defenses. Misconfigurations are particularly prevalent in storage accounts across major platforms such as Microsoft Azure, Amazon Web Services (AWS), and Google Cloud. For example, nearly 47% of Azure-related failures involved misconfigured storage accounts, while 30% of AWS failures stemmed from S3 bucket misconfigurations. Google Cloud users faced similar issues, with 44% of failed checks related to BigQuery, particularly around the lack of customer-managed encryption.
The report stresses the importance of regularly auditing cloud environments and implementing additional security measures beyond those provided by CSPs. One particularly concerning finding is that over 50% of failed S3 checks were due to multi-factor authentication (MFA) misconfigurations, underscoring the need for stronger authentication controls in cloud environments.
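As an added illustration of the kind of storage-posture audit the report calls for (this is example code, not part of the report or of Elastic’s tooling), the check below evaluates a constructed multi-cloud inventory for the three failure classes named above: S3 buckets without MFA Delete, BigQuery datasets without a customer-managed key, and Azure storage accounts with weak transport or public-access settings. The field names follow the providers’ own API shapes (boto3 `get_bucket_versioning`, the BigQuery Dataset resource, ARM storage account properties); the inventory values are constructed.

```python
"""Minimal multi-cloud storage posture check over a constructed inventory.
Added example; the inventory is constructed sample data, not real account data."""


def check_s3(name, versioning):
    """versioning: dict shaped like boto3 get_bucket_versioning() output.
    MFADelete is absent from the response when it was never configured."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append(f"s3:{name}: versioning disabled")
    if versioning.get("MFADelete") != "Enabled":
        findings.append(f"s3:{name}: MFA Delete not enabled")
    return findings


def check_bigquery(dataset_id, dataset):
    """dataset: dict shaped like the BigQuery REST Dataset resource."""
    enc = dataset.get("defaultEncryptionConfiguration") or {}
    if enc.get("kmsKeyName"):
        return []
    return [f"bigquery:{dataset_id}: no customer-managed encryption key"]


def check_azure_storage(name, props):
    """props: dict shaped like an ARM storage account 'properties' block.
    Defaults mirror the insecure legacy values when a property is unset."""
    findings = []
    if props.get("allowBlobPublicAccess", True):
        findings.append(f"azure:{name}: anonymous blob access allowed")
    if not props.get("supportsHttpsTrafficOnly", False):
        findings.append(f"azure:{name}: HTTP traffic permitted")
    if props.get("minimumTlsVersion", "TLS1_0") != "TLS1_2":
        findings.append(f"azure:{name}: minimum TLS below 1.2")
    return findings


def audit(inventory):
    """Run every check and return the flat list of findings."""
    findings = []
    for name, v in inventory.get("s3", {}).items():
        findings += check_s3(name, v)
    for ds_id, ds in inventory.get("bigquery", {}).items():
        findings += check_bigquery(ds_id, ds)
    for name, props in inventory.get("azure", {}).items():
        findings += check_azure_storage(name, props)
    return findings


# Constructed sample inventory (hypothetical names and values).
SAMPLE_INVENTORY = {
    "s3": {"logs-archive": {"Status": "Enabled", "MFADelete": "Disabled"},
           "backups": {"Status": "Enabled", "MFADelete": "Enabled"}},
    "bigquery": {"analytics": {"defaultEncryptionConfiguration": {"kmsKeyName": "projects/example/locations/us/keyRings/r/cryptoKeys/k"}},
                 "staging": {}},
    "azure": {"stprod": {"allowBlobPublicAccess": False, "supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_2"},
              "stdev": {"allowBlobPublicAccess": True, "supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_0"}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print("FAIL", finding)
```

Running it against the sample inventory reports four findings (one S3, one BigQuery, two Azure); in practice the inventory would be populated from the providers’ APIs and the findings fed into the regular audit cadence the report recommends.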
Credential Access: The New Battleground for Defense Evasion
Another key takeaway from the report is the increasing reliance on credential access as a primary method for adversaries to bypass defenses. Credential access accounted for a significant portion of observed behaviors, particularly in cloud environments where brute force techniques have become increasingly common. In Microsoft Azure environments, credential access behaviors made up 23.12% of all cloud-based activities, with a notable 12% increase in brute force attacks.
However, the trend is not limited to the cloud. Credential access techniques on endpoints have become more sophisticated, with a 31% rise in unsecured credential techniques on Windows devices. Nearly half of these attacks involved stealing credentials from browsers, highlighting the need for better endpoint security practices.
Brute-force attacks also heavily targeted Linux environments, accounting for 89% of observed behaviors on Linux endpoints. Although the total percentage of endpoint attacks on Linux remains small, the critical nature of Linux infrastructure in many organizations makes these attacks particularly concerning.
Defensive Strategies: A Focus on Auditing and Tuning Security Tools
Despite the growing sophistication of adversarial tactics, the 2024 Elastic Global Threat Report offers hope for defenders, emphasizing that many attacks can be mitigated with well-tuned security tools and regular audits. The report notes that the focus on defense evasion tactics, while still prevalent, has decreased by 6% over the past year. This is evidence that advancements in security tools are making a difference, forcing attackers to pivot toward other methods, such as credential access.
One of the most effective ways to defend against these evolving threats is by ensuring that security tools are properly configured and regularly updated. The report encourages organizations to implement phishing-resistant multifactor authentication and to use advanced threat detection techniques, such as those available through Elastic Security Labs.
What to Watch:
- As Elastic strengthens its threat detection capabilities, competitors such as CrowdStrike, Palo Alto Networks, and Microsoft Sentinel are also addressing similar threat vectors and the need for AI-fortified defenses. These will be key battlegrounds moving forward.
- Innovations in automation and AI will continue to assist in threat detection and response, particularly around offensive security tool misuse and advanced cloud security measures. Customers will increasingly look for companies that integrate robust generative AI solutions for defensive and analytical tasks.
- The growing adoption of cloud services and increased reliance on remote work coupled with the growing incidence of identity-based attacks has set the stage for more fine-grained access control over identities and access permissions.
- As more businesses adopt multi-cloud strategies, security providers must focus on cross-platform solutions to address misconfigurations and increase visibility and control over the security posture.
- Enterprises will likely prioritize automation in cybersecurity solutions, especially as teams become increasingly overburdened with alerts. Look for more organizations to demand streamlined, AI-powered threat detection platforms that provide actionable insights quickly.
See the complete blog about The 2024 Elastic Global Threat Report on the Elastic website.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Author Information
With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.