Elastic's latest study indicates that ransomware is becoming a more diverse and prevalent threat, and that countering it is a difficult and time-consuming process.
It also finds that practically every attack on cloud infrastructure starts with credential theft.
"Highly prevalent" ransomware
That said, most of the malware identified belongs to a handful of "highly prevalent" ransomware families paired with off-the-shelf tooling. BlackCat, Conti, Hive, Sodinokibi and Stop top the list, together accounting for more than four-fifths (81%) of all ransomware activity.
Cobalt Strike and Metasploit are the off-the-shelf tools most threat actors reach for. They generate 5.7% of all malware signature events, but on Windows these two tools account for over two thirds (68%) of all infection attempts.
91% of malware signature events were observed on Linux endpoints, with Windows accounting for only 6%. Many threat actors hide in appliances, edge devices and other platforms with very low visibility in order to stay undetected.
Cloud issues
Elastic found that securing cloud-based deployments is a completely different beast. Businesses are increasingly moving away from on-premises solutions, but they are doing so sloppily, leaving numerous misconfigurations, inadequate access restrictions, insecure credentials and no working least-privilege model. Threat actors are taking advantage of all of this to infiltrate environments and deploy malware.
The report also identified defence evasion (38%), credential access (37%) and execution (21%) as the most common tactics linked to threat detection signals for Amazon Web Services. More than half (53%) of all credential access incidents involved compromised legitimate Microsoft Azure accounts.
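As an added illustration, not code from Elastic or from this article, of what the two cloud findings above look like in practice: the script below triages a batch of AWS CloudTrail records into the three tactics named for AWS (defence evasion, credential access, execution), reporting counts and percentage shares the way the report does, and lints an IAM policy for the wildcard grants that are the usual symptom of a missing least-privilege model. The mapping from CloudTrail event names to tactics is an assumption of this example (the report does not publish its own), and the records and policies are constructed, not real telemetry.

```python
"""Triage AWS CloudTrail records into the ATT&CK tactics the report names and
lint an IAM policy for the wildcard grants that defeat least privilege.

Added example, not code from Elastic or from the article. The event-name to
tactic mapping, the sample records and the policies are constructed.
"""
from collections import Counter

# ASSUMPTION: which CloudTrail eventName values count as evidence of which
# tactic. The report does not publish its mapping; this one is illustrative.
TACTIC_BY_EVENT = {
    "StopLogging": "defense-evasion",
    "DeleteTrail": "defense-evasion",
    "UpdateTrail": "defense-evasion",
    "ConsoleLogin": "credential-access",
    "GetSecretValue": "credential-access",
    "CreateAccessKey": "credential-access",
    "RunInstances": "execution",
    "Invoke": "execution",
}


def classify(record):
    """Return the tactic one CloudTrail record evidences, or None if unmapped.

    Successful console logins are routine and are not counted; only a failed
    ConsoleLogin is treated as a credential-access signal.
    """
    name = record.get("eventName", "")
    if name == "ConsoleLogin":
        outcome = record.get("responseElements", {}).get("ConsoleLogin")
        return "credential-access" if outcome == "Failure" else None
    return TACTIC_BY_EVENT.get(name)


def tally(records):
    """Count classified records per tactic.

    Returns (counts, share): raw counts and each tactic's percentage of all
    classified records, rounded to the nearest whole number.
    """
    counts = Counter(t for t in map(classify, records) if t)
    total = sum(counts.values())
    share = {t: round(100 * n / total) for t, n in counts.items()} if total else {}
    return counts, share


def least_privilege_findings(policy):
    """Flag Allow statements granting a wildcard action or an unconditional
    wildcard resource, the classic sign of a missing least-privilege model."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement need not be a list
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        resources = st.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action {actions}")
        if "*" in resources and "Condition" not in st:
            findings.append(f"statement {i}: unconditional wildcard resource")
    return findings


# Constructed sample telemetry: trimmed CloudTrail records, not real data.
SAMPLE_RECORDS = [
    {"eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "userName": "deploy"}},
    {"eventName": "DeleteTrail", "userIdentity": {"type": "IAMUser", "userName": "deploy"}},
    {"eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "GetSecretValue", "userIdentity": {"type": "AssumedRole"}},
    {"eventName": "RunInstances", "userIdentity": {"type": "IAMUser", "userName": "deploy"}},
    {"eventName": "DescribeInstances", "userIdentity": {"type": "IAMUser", "userName": "ops"}},
]

# Constructed policies: the over-broad grant beside a properly scoped one.
OVERBROAD_POLICY = {"Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17",
                 "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                                "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    counts, share = tally(SAMPLE_RECORDS)
    for tactic in sorted(counts):
        print(f"{tactic:18} {counts[tactic]:2d} events  {share[tactic]:3d}%")
    print("over-broad policy:", least_privilege_findings(OVERBROAD_POLICY))
    print("scoped policy:    ", least_privilege_findings(SCOPED_POLICY))
```

On the constructed sample the two trail-tampering events come out as defence evasion, the failed console login and the secret read as credential access, and the instance launch as execution; the successful login and the read-only describe call are not counted. The policy check deliberately ignores Deny statements and treats a wildcard resource as acceptable only when a Condition scopes it, which is the minimum a reviewer would demand before calling a policy least-privilege.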
“Today’s threat landscape is truly borderless, as adversaries morph into criminal enterprises focused on monetizing their attack strategies,” stated Jake King, head of security intelligence and director of engineering at Elastic.
“Open source, commodity malware, and the use of AI have lowered the barrier to entry for attackers, but we’re also seeing the rise of automated detection and response systems that enable all engineers to better defend their infrastructures. It’s a cat-and-mouse game, and our strongest weapons are vigilance and the continued investment in new defence technologies and strategies.”