Fall 2023 Global Threat Report Outro — Elastic Security Labs

Elastic Security Labs has released the October 2023 Global Threat Report, marking their second annual publication.
This report showcases an increase of over 1000% in the volume of events compared to the previous year, as well as new types of threats and enhanced visibility.
The success of this publication is credited to the active participation of users who share more than one billion security events annually and the dedicated team at Elastic.
The Threat Research and Detection Engineering team (TRaDE) played a crucial role in developing features like rules and investigation guides.
Additionally, Terrance DeJesus, known for his expertise in cloud attack surface and security operations, contributed to the inaugural report.
The Security Data Analytics (SDA) team, led by Chris Donaher, managed the systems responsible for analyzing telemetry and handled hundreds of millions of events.
The goal of Elastic Security Labs is to provide security teams with actionable intelligence to better prepare for and mitigate threats.
By making knowledge and resources readily accessible, including publications like the Global Threat Report, they aim to improve security outcomes and foster collaboration.
The report highlights several ways adversaries are reacting to security innovations: investing heavily in defense evasion techniques, tampering with security instrumentation, and relying on credential theft for business email and cloud-resource compromise.
Defense evasion was observed to be a common trend among adversaries, accounting for more than 43% of techniques and procedures.
The report identifies System Binary Proxy Execution as a significant defense evasion technique that adversaries employed.
Additionally, endpoint tampering, exemplified by Bring Your Own Vulnerable Driver (BYOVD), was observed being used to disable or tamper with security tools.
Credential theft, although accounting for only 7% of analyzed data, was found to leverage built-in operating system features in 80% of cases.
Stolen credentials provide a means for threat actors to directly access critical data, such as email accounts, intellectual property, or cloud resources.
The Global Threat Report, available for download, provides further insights, forecasts, and threat profiles.
Elastic Security Labs encourages engagement through webinars for a detailed discussion on the results and offers various other assets for exploration.
Link: https://www.elastic.co/security-labs/fall-2023-global-threat-report-outro

