“However, mature threat actors are learning how to overcome obstacles — like leveraging inherent vulnerabilities in privileged device drivers for Windows to disable EDR sensors, injecting into privileged processes to delete critical security logs, or unloading security components to prevent security ingest from occurring. Our research shows a 6% decrease in defense evasion from last year,” said Jake King, head of threat and security intelligence at Elastic.

Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts.

“Adversaries are more focused on abusing security tools and investing in legitimate credential gathering to act on their objectives, which reinforces the need for organizations to have well-tuned security capabilities and policies.”

These malware families are typically distributed to Internet of Things (IoT) devices like residential broadband routers using hardcoded credentials or unpatched vulnerabilities, and are used to launch distributed denial-of-service (DDoS) attacks and to hijack advertising or DNS networks.

47% of Microsoft Azure failures were tied to storage account misconfigurations, while 44% of Google Cloud users failed checks related to BigQuery, specifically due to a lack of customer-managed encryption. S3 checks accounted for 30% of Amazon Web Services (AWS) failures — specifically a lack of MFA being implemented by security teams. Enterprises need to work harder to constrain public-facing systems, enforce MFA, minimize their attack surface, and protect data needed to detect threats.
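The cloud-posture figures above come from benchmark-style checks run over resource inventories. The script below is an added example (not Elastic's or Help Net Security's code) that shows what such a checker looks like in miniature: it evaluates a constructed inventory of Azure storage accounts, BigQuery datasets and S3 buckets against the three failure classes the report names and reports the share of resources failing per provider. All field names are assumptions chosen for this example, and the particular Azure settings inspected (anonymous blob access, HTTPS-only) are assumed examples of "storage account misconfigurations", since the page does not say which settings were measured.

```python
"""Toy cloud-configuration checker (added example, not Elastic's code).

Each record is a constructed dict mimicking the fields an inventory or CSPM
export might carry. Field names are assumptions for this example; map them to
the real export fields when adapting.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    provider: str
    resource: str
    check: str
    detail: str


def check_azure_storage(acct: dict) -> list:
    """Assumed Azure checks: anonymous blob access and plaintext HTTP."""
    name, out = acct["name"], []
    if acct.get("allow_blob_public_access", False):
        out.append(Finding("azure", name, "storage.public_blob_access",
                           "anonymous blob access is permitted"))
    if not acct.get("https_only", False):
        out.append(Finding("azure", name, "storage.https_only",
                           "plaintext HTTP transfers are allowed"))
    return out


def check_bigquery_dataset(ds: dict) -> list:
    """Page-named check: dataset without a customer-managed encryption key."""
    if not ds.get("default_kms_key"):
        return [Finding("gcp", ds["name"], "bigquery.cmek",
                        "no customer-managed encryption key configured")]
    return []


def check_s3_bucket(bkt: dict) -> list:
    """Page-named check: MFA not enforced (modelled here as MFA Delete)."""
    name, out = bkt["name"], []
    versioning = bkt.get("versioning", {})
    if (versioning.get("status") != "Enabled"
            or versioning.get("mfa_delete") != "Enabled"):
        out.append(Finding("aws", name, "s3.mfa_delete",
                           "MFA Delete is not enabled on the bucket"))
    if not bkt.get("block_public_access", False):
        out.append(Finding("aws", name, "s3.block_public_access",
                           "Block Public Access is not enforced"))
    return out


# Resource type -> check function; the type prefix doubles as the provider.
CHECKS = {
    "azure_storage_account": check_azure_storage,
    "gcp_bigquery_dataset": check_bigquery_dataset,
    "aws_s3_bucket": check_s3_bucket,
}


def run_checks(inventory: list) -> list:
    findings = []
    for res in inventory:
        fn = CHECKS.get(res["type"])
        if fn is not None:
            findings.extend(fn(res))
    return findings


def failure_rate_by_provider(inventory: list, findings: list) -> dict:
    """Percentage of resources with at least one finding, per provider."""
    flagged = {(f.provider, f.resource) for f in findings}
    totals, failed = {}, {}
    for res in inventory:
        provider = res["type"].split("_", 1)[0]
        totals[provider] = totals.get(provider, 0) + 1
        if (provider, res["name"]) in flagged:
            failed[provider] = failed.get(provider, 0) + 1
    return {p: round(100 * failed.get(p, 0) / n) for p, n in totals.items()}


# Constructed sample inventory: one compliant and one failing resource per provider.
SAMPLE_INVENTORY = [
    {"type": "azure_storage_account", "name": "stlogs01",
     "allow_blob_public_access": True, "https_only": True},
    {"type": "azure_storage_account", "name": "stbackup02",
     "allow_blob_public_access": False, "https_only": True},
    {"type": "gcp_bigquery_dataset", "name": "analytics", "default_kms_key": None},
    {"type": "gcp_bigquery_dataset", "name": "billing",
     "default_kms_key": "projects/example/locations/us/keyRings/kr/cryptoKeys/k1"},
    {"type": "aws_s3_bucket", "name": "audit-logs",
     "versioning": {"status": "Enabled", "mfa_delete": "Disabled"},
     "block_public_access": True},
    {"type": "aws_s3_bucket", "name": "artifacts",
     "versioning": {"status": "Enabled", "mfa_delete": "Enabled"},
     "block_public_access": True},
]

if __name__ == "__main__":
    results = run_checks(SAMPLE_INVENTORY)
    for f in results:
        print(f"[{f.provider}] {f.resource}: {f.check} - {f.detail}")
    print(failure_rate_by_provider(SAMPLE_INVENTORY, results))
```

On the constructed inventory each provider has one of two resources failing, so every provider reports a 50% failure rate; with a real export the same two functions give the per-provider figures the report quotes, and the individual findings are the remediation list.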
This Cyber News was published on www.helpnetsecurity.com. Publication date: Fri, 04 Oct 2024 03:43:06 +0000