Elastic Unveils 2024 Global Threat Report: AI, Malware, and Cloud Security


As digitalisation grows, so do the threats to IT infrastructure. With that in mind, Elastic, the AI search company, released the 2024 Global Threat Report, with insights into a dynamic threat environment. It shows that without proper cybersecurity testing and protection systems, IT infrastructure remains vulnerable to these cyber threats.

The report shows how dynamic cyberthreats are and how defensive tactics are evolving. Read on to see how critical new technologies have become, since they can be used both to attack and to defend cyber infrastructure.

Navigating the Dynamic Threat Landscape

Cyber attackers and defenders, such as white-hat hackers, are continually adapting to new strategies and technology, creating a lively threat ecosystem. These contemporary cyberthreats are likely to hit any company or network system that lacks high-quality security configuration and maintenance.

Both testing tools and offensive security tools (OSTs) are now considered proactive, even though testing tools can identify security and cloud issues. OSTs, in contrast, were reported to cause more than half of malware alerts (Cobalt Strike 27.02% and Metasploit 18.23%). Beyond these, storage account misconfigurations, a lack of customer-handled encryption, and multi-factor encryption were also common issues.

Key Insights: Generative AI’s Dual Role

The advent of generative artificial intelligence (AI) has impacted daily life, including cybersecurity. It is one of the most noteworthy developments mentioned in the research. According to Elastic, generative AI carries some hazards in addition to its enormous promise for defenders. Threat actors, for example, have started employing AI to develop complex fake content, such as deep fakes, and to scale up phishing campaigns. Even though they are still in the early stages of development, these AI-driven risks are anticipated to intensify soon.

The research also discusses AI’s involvement in the evolution of malware. While AI-generated malware has yet to gain mainstream usage, there is growing concern that AI-powered technologies can create more adaptive and robust malware. Elastic emphasises the need for strong defences, updated protections, and cybersecurity training, including understanding of AI-driven risks.

Malware Trends: A Deep Dive into Detections

The high malware trends across operating systems show that most organisations and networks lack secure configuration reviews. With 66.12% of all malware cases found, Windows remains the most targeted operating system, followed by Linux (32.20%) and macOS (1.68%). This shows that Windows is the most common target of unauthorised access and cyberattacks. According to the study, malware like GHOSTENGINE, a crypto mining programme found in 2024, has targeted unpatched vulnerabilities in containerised systems.

Trojans remain the most widespread type of malware, accounting for 82.03% of all malware detections. This significant increase over the previous year’s percentage shows the broad adoption of trojanized programmes globally. Although there was a dramatic decrease in cryptominers, ransomware detections remained stable, accounting for 2.10% of all observed malware. With the threat of malware remaining strong, companies and network managers need to ensure high-quality security to stand guard.

Endpoint Behaviours: Defence Evasion and Execution Tactics

Elastic’s research also clarifies the tactics, techniques, and procedures (TTPs) used by attackers. Windows systems accounted for the majority (92.73%) of endpoint behaviour alerts, showing that attackers know the areas that are common. Although Linux and macOS also experience attacks, the numbers are low due to fewer users.

Together, defence evasion, execution, and persistence tactics made up 70% of all endpoint behaviours used in attacks on users. Among the most widely used defence evasion strategies were process injection and system binary proxy execution.

Defence evasion and privilege escalation remained prominent techniques for Linux, as attacks targeted server systems more frequently. According to the report, attackers are increasingly attempting to disable security mechanisms such as iptables and firewall services in order to facilitate further exploitation.

The Growing Importance of Cloud Security

Credential access and initial access are the primary weaknesses associated with cloud environments, making them more and more vulnerable. Info stealers are commonly used by cybercriminals to get credential data. In 2024, Microsoft Azure accounted for the majority of the abnormal incidents raised by cloud security alerts. Attackers most frequently used password spraying, brute force attacks, and credential stuffing to gain access to cloud credentials.
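The three credential attacks named above leave different shapes in sign-in logs, and the sketch below tells them apart per source address. It is an added example, not code from Elastic or the report; the event fields, result values, thresholds and the unknown-user heuristic for credential stuffing are all assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict

# Constructed sign-in events for one detection window: (minute, source_ip, user, result).
# Field names and result values are assumptions, not a real cloud log schema.
EVENTS = (
    # one try against each of 8 real accounts
    [(i, "203.0.113.10", f"user{i}@example.com", "bad_password") for i in range(8)]
    # 12 tries against a single account
    + [(i, "198.51.100.7", "admin@example.com", "bad_password") for i in range(12)]
    # leaked-list replay: most usernames do not exist in this tenant
    + [(i, "192.0.2.44", f"leak{i}@example.com",
        "bad_password" if i % 4 == 0 else "unknown_user") for i in range(12)]
    + [(9, "203.0.113.10", "user3@example.com", "success"),   # login from the spraying source
       (5, "192.0.2.99", "alice@example.com", "bad_password")]  # ordinary typo, below threshold
)

def classify_sources(events, min_failures=6, many_users=5, unknown_ratio=0.5):
    """Return ({ip: verdict}, [(ip, user) logins that succeeded from a flagged ip])."""
    fails, successes = defaultdict(list), defaultdict(set)
    for _minute, ip, user, result in events:
        if result == "success":
            successes[ip].add(user)
        else:
            fails[ip].append((user, result))
    verdicts, compromised = {}, []
    for ip, rows in fails.items():
        if len(rows) < min_failures:
            continue  # too few failures to distinguish from user error
        per_user = Counter(user for user, _ in rows)
        if len(per_user) < many_users:
            if max(per_user.values()) < min_failures:
                continue
            verdict = "brute_force"          # few accounts, many guesses each
        else:
            unknown = sum(1 for _, result in rows if result == "unknown_user")
            # Heuristic (assumption): replayed breach lists contain many usernames
            # the tenant has never had; a spray targets known accounts.
            verdict = ("credential_stuffing" if unknown / len(rows) >= unknown_ratio
                       else "password_spraying")
        verdicts[ip] = verdict
        # A success from a flagged source is the event to triage first.
        compromised += [(ip, user) for user in sorted(successes[ip])]
    return verdicts, compromised

if __name__ == "__main__":
    found, hits = classify_sources(EVENTS)
    for ip, verdict in found.items():
        print(ip, verdict)
    print("successful logins from flagged sources:", hits)
```

In practice the same grouping would also be run per target account, since a spray spread across many source addresses only shows up from that side.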

Elastic emphasises the importance of improving identity and access management (IAM) across cloud services. The report points out that many breaches arise as a result of weak or insecure credentials, affecting users at every scale. This is especially important as businesses are now transitioning to cloud-hosted infrastructures for convenience and better connectivity, all the more so because they are doing so without establishing a proper security infrastructure.

Moving On, What Should You Do?

It is best if you, as a user, make sure that all your systems and networks go through regular, verified cybersecurity testing. Make sure that the security system is not weak. Ensure constant vigilance, consistent defence mechanism upgrades, and improved cybersecurity training for yourself and your stakeholders, particularly with regard to threats caused by AI.

Elastic’s underlying message is clear. While the cybersecurity landscape is more complex than ever, the tools and technologies used to defend against these threats are continually changing. This is a warning and a call to action for businesses and security professionals to be aware and prepared.

To make sure that you stay safe from these threats, Cybernetic Global Intelligence can help with IT security services. Visit www.cyberneticgi.com to know more, or dial 1300 292 376 to book services. You can also email contact@cybernetic-gi.com with queries.
