Highlights:

  • The report’s key conclusions center on three trends: the growing risk to cloud security caused by human error, the malicious use of commercial software, and the diversification of endpoint attacks driven by the generally high efficacy of endpoint security software.
  • Windows endpoints accounted for 54% of all malware infections, whereas Linux endpoints accounted for 39%.

Nearly a third of attacks in the cloud (about 33%) were found to involve credential access, according to the 2022 Elastic Global Threat Report. The findings suggest that customers frequently overestimate the security of their cloud environments and consequently fail to configure and defend them appropriately.

The report’s key conclusions center on three trends: the growing risk to cloud security caused by human error, the malicious use of commercial software, and the diversification of endpoint attacks driven by the generally high efficacy of endpoint security software.

Additionally, while commercial adversary simulation software such as CobaltStrike helps many teams defend their environments, it is also being abused by attackers as a malware implant at scale.

The Elastic report also made the following conclusions:

  • Windows endpoints accounted for 54% of all malware infections, whereas Linux endpoints accounted for 39%.
  • On Linux endpoints, Meterpreter accounted for the largest share of malware and payloads (14%), followed by Gafgyt (12%) and Mirai (10%).
  • On Windows endpoints, CobaltStrike was the most frequently detected malicious binary or payload, at 35% of all detections, followed by AgentTesla (25%) and RedLineStealer (10%).

Finally, threat actors were observed using more than 50 distinct endpoint infiltration techniques. The report reads this as a sign that endpoint protection is working: because it is effective, threat actors are forced to keep developing new or creative means of attack rather than relying on a few proven ones.

Methodology

The report was produced by Elastic Security Labs, the company’s threat research, malware analysis, and detection engineering team, using telemetry from Elastic Security deployments worldwide between August 2021 and August 2022.