Elastic® (NYSE: ESTC) ("Elastic"), the company behind Elasticsearch®, today announced its second Elastic Global Threat Report, issued by Elastic Security Labs. Based on observations from more than 1 billion data points over the last 12 months, the report reveals ransomware is expanding and diversifying; more than half of all observed malware infections were on Linux systems; and credential access techniques have become an essential part of the cloud intrusion process.
Key findings from the report include:
Malware Trends
The majority of malware observed was composed of a small number of highly prevalent ransomware families and commercial off-the-shelf (COTS) tools. As financially motivated threat communities adopt or offer malware-as-a-service (MaaS) capabilities, enterprises should heavily invest in developing security functions with broad visibility of low-level behaviors to expose previously undiscovered threats.
- BlackCat, Conti, Hive, Sodinokibi (also known as REvil) and Stop are the most prevalent ransomware families identified through signatures, together accounting for about 81% of all observed ransomware activity.
- COTS offensive tooling abused as malware, such as Metasploit and Cobalt Strike, represented 5.7% of all signature events; on Windows alone, these families accounted for about 68% of all infection attempts.
- Around 91% of malware signature events came from Linux endpoints, while Windows endpoints accounted for only about 6% (these figures count signature events, not distinct infected hosts).