Offensive security tools and misconfigured cloud environments continue to pose significant risks to organizations, creating openings in the attack surface for threat actors to exploit. According to Elastic, adversaries are increasingly utilizing off-the-shelf tools such as Cobalt Strike and Metasploit, which made up approximately 54% of observed malware alerts. Cobalt Strike, in particular, accounted for 27.02% of infections and is known for its effectiveness in post-exploitation activities.
Malware families like Gafgyt, Mirai, and Bedevil, which are commonly distributed to IoT devices for launching DDoS attacks, showed a decrease in prevalence compared to previous years. This shift may indicate efforts to neutralize botnets and prevent their propagation. However, the use of brute force techniques in cloud environments, especially in Microsoft Azure, saw a 12% increase, highlighting the need for stronger security measures to protect against credential access and endpoint behaviors.
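The brute-force trend against Azure described above is something a defender can detect from sign-in telemetry. The following Python is an added example (not part of the original article and not Elastic's code) that runs a simple sliding-window rule over a handful of constructed Entra ID sign-in events: many failures from one source against many accounts is flagged as a password spray, many failures against one account as brute force, and a success that follows a burst of failures from the same source is flagged for follow-up. The field names follow the Sentinel `SigninLogs` schema and `ResultType` 50126 is Entra ID's invalid-credentials code; the thresholds are assumptions to be tuned per tenant.

```python
"""Brute-force / password-spray detection over Entra ID sign-in events.

Added example; the events below are constructed, not real telemetry.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. ResultType "0" is success, "50126" is
# "invalid username or password" in Entra ID sign-in logs.
SAMPLE_EVENTS = [
    # One source IP, six different accounts, all failing within 20 seconds (spray).
    {"TimeGenerated": "2024-05-01T10:00:01Z", "UserPrincipalName": "u1@example.com", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:00:05Z", "UserPrincipalName": "u2@example.com", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:00:09Z", "UserPrincipalName": "u3@example.com", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:00:13Z", "UserPrincipalName": "u4@example.com", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:00:17Z", "UserPrincipalName": "u5@example.com", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:00:21Z", "UserPrincipalName": "u6@example.com", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    # ...followed by a successful sign-in from the same source.
    {"TimeGenerated": "2024-05-01T10:00:30Z", "UserPrincipalName": "u3@example.com", "IPAddress": "203.0.113.10", "ResultType": "0"},
    # A second source hammering a single account (classic brute force).
    {"TimeGenerated": "2024-05-01T10:01:00Z", "UserPrincipalName": "bob@example.com", "IPAddress": "198.51.100.7", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:01:10Z", "UserPrincipalName": "bob@example.com", "IPAddress": "198.51.100.7", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:01:20Z", "UserPrincipalName": "bob@example.com", "IPAddress": "198.51.100.7", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:01:30Z", "UserPrincipalName": "bob@example.com", "IPAddress": "198.51.100.7", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:01:40Z", "UserPrincipalName": "bob@example.com", "IPAddress": "198.51.100.7", "ResultType": "50126"},
    # Benign: a user mistypes a password twice and then signs in.
    {"TimeGenerated": "2024-05-01T10:02:00Z", "UserPrincipalName": "carol@example.com", "IPAddress": "192.0.2.5", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:02:15Z", "UserPrincipalName": "carol@example.com", "IPAddress": "192.0.2.5", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T10:02:30Z", "UserPrincipalName": "carol@example.com", "IPAddress": "192.0.2.5", "ResultType": "0"},
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect(events, window_minutes=5, fail_threshold=5, spray_users=3):
    """Return alerts for sources exceeding fail_threshold failures in the window.

    Thresholds are assumed starting points, not values from the report.
    """
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(deque)   # source IP -> recent (timestamp, user) failures
    alerted = set()                 # (ip, kind) pairs already reported
    alerts = []
    for ev in sorted(events, key=lambda e: e["TimeGenerated"]):
        ts, ip, user = parse_ts(ev["TimeGenerated"]), ev["IPAddress"], ev["UserPrincipalName"]
        recent = failures[ip]
        while recent and ts - recent[0][0] > window:   # expire old failures
            recent.popleft()
        if ev["ResultType"] == "0":
            # A success right after a burst of failures deserves a look.
            if len(recent) >= fail_threshold:
                alerts.append({"type": "success_after_failures", "ip": ip, "user": user,
                               "time": ev["TimeGenerated"]})
            continue
        recent.append((ts, user))
        if len(recent) >= fail_threshold:
            users = {u for _, u in recent}
            kind = "password_spray" if len(users) >= spray_users else "brute_force"
            if (ip, kind) not in alerted:
                alerted.add((ip, kind))
                alerts.append({"type": kind, "ip": ip, "failures": len(recent),
                               "distinct_users": len(users), "time": ev["TimeGenerated"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The same logic maps directly onto a KQL or SIEM rule; the point of the two-account-set split is that a spray looks harmless per user (one or two failures each) and only becomes visible when failures are grouped by source, while the benign two-typos-then-success case stays under the threshold and produces nothing.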
Cloud misconfiguration remains a significant challenge for organizations: storage account misconfigurations accounted for 47% of Microsoft Azure check failures. In Google Cloud, 44% of users failed BigQuery checks because customer-managed encryption keys were not in use, while the most common AWS failures were S3 checks that found MFA not enabled. These weaknesses in cloud posture underscore the importance of well-tuned security capabilities and policies to defend against cyber threats.
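The three failure classes named above (Azure storage account settings, BigQuery datasets without a customer-managed key, S3 buckets without MFA) are all visible in the resource configuration itself, so they can be caught before an attacker does. The following Python is an added example, not code from the article or from Elastic, that evaluates a small constructed inventory against those three checks. Field names follow the providers' own schemas (Azure ARM storage account `properties`, the BigQuery Dataset resource's `defaultEncryptionConfiguration`, and the S3 `GetBucketVersioning` response); reading the report's "MFA in S3" as S3 MFA Delete is this example's assumption, as are the extra TLS and public-access checks on the Azure side.

```python
"""Posture checks for the cloud misconfiguration classes cited in the report.

Added example; the inventory is constructed and does not describe real accounts.
"""

INVENTORY = {
    # Shape of an ARM storage account resource (properties subset).
    "azure_storage_accounts": [
        {"name": "stprodlogs", "properties": {"allowBlobPublicAccess": True,
                                              "supportsHttpsTrafficOnly": True,
                                              "minimumTlsVersion": "TLS1_0"}},
        {"name": "stbackups", "properties": {"allowBlobPublicAccess": False,
                                             "supportsHttpsTrafficOnly": True,
                                             "minimumTlsVersion": "TLS1_2"}},
    ],
    # Shape of a BigQuery Dataset resource; kmsKeyName marks a customer-managed key.
    "bigquery_datasets": [
        {"datasetReference": {"datasetId": "analytics"},
         "defaultEncryptionConfiguration": {
             "kmsKeyName": "projects/p/locations/us/keyRings/r/cryptoKeys/k"}},
        {"datasetReference": {"datasetId": "scratch"}},
    ],
    # "Versioning" mirrors the S3 GetBucketVersioning response.
    "s3_buckets": [
        {"Name": "finance-records", "Versioning": {"Status": "Enabled", "MFADelete": "Enabled"}},
        {"Name": "web-assets", "Versioning": {"Status": "Enabled"}},
        {"Name": "tmp-exports", "Versioning": {}},
    ],
}


def check_azure_storage(account):
    props = account.get("properties", {})
    findings = []
    if props.get("allowBlobPublicAccess", True):          # ARM default is permissive
        findings.append("anonymous blob access allowed")
    if not props.get("supportsHttpsTrafficOnly", False):
        findings.append("HTTP traffic permitted")
    if props.get("minimumTlsVersion") != "TLS1_2":
        findings.append("minimum TLS version below 1.2")
    return findings


def check_bigquery_dataset(dataset):
    cmek = dataset.get("defaultEncryptionConfiguration", {}).get("kmsKeyName")
    return [] if cmek else ["no customer-managed encryption key (CMEK) configured"]


def check_s3_bucket(bucket):
    versioning = bucket.get("Versioning", {})
    if versioning.get("Status") != "Enabled":
        return ["versioning not enabled (prerequisite for MFA Delete)"]
    if versioning.get("MFADelete") != "Enabled":
        return ["MFA Delete not enabled"]
    return []


def evaluate(inventory):
    """Return (provider, resource_name, finding) triples for every failed check."""
    results = []
    for acct in inventory.get("azure_storage_accounts", []):
        results += [("azure", acct["name"], f) for f in check_azure_storage(acct)]
    for ds in inventory.get("bigquery_datasets", []):
        name = ds["datasetReference"]["datasetId"]
        results += [("gcp", name, f) for f in check_bigquery_dataset(ds)]
    for bucket in inventory.get("s3_buckets", []):
        results += [("aws", bucket["Name"], f) for f in check_s3_bucket(bucket)]
    return results


def summarize(findings):
    """Count findings per provider, mirroring the per-cloud breakdown in the report."""
    counts = {}
    for provider, _, _ in findings:
        counts[provider] = counts.get(provider, 0) + 1
    return counts


if __name__ == "__main__":
    found = evaluate(INVENTORY)
    for row in found:
        print(row)
    print(summarize(found))
```

In practice the inventory would be populated from `az storage account list`, `bq show --format=prettyjson`, and `aws s3api get-bucket-versioning` (or the equivalent SDK calls) rather than embedded; the checks themselves do not change. Note the Azure check treats a missing `allowBlobPublicAccess` as a failure, because the platform default is the permissive one.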
Looking ahead, the malware-as-a-service model is expected to become more popular as cybercriminals seek to abstract themselves from intrusions and government scrutiny. This shift may lower the barrier to entry for less experienced threat groups, but it also complicates attribution and crime-busting efforts. GenAI technologies, which are increasingly used in business operations, present both opportunities and risks in terms of data exposure and system exploitation. Adversaries are likely exploring ways to exploit vulnerabilities in AI models to extract sensitive information or disrupt operations.
Despite the evolving threat landscape, security efforts are making a difference in deterring adversaries and mitigating risks. However, mature threat actors continue to find ways around these obstacles by exploiting inherent weaknesses in systems and processes. Enterprises are urged to secure public-facing systems, implement MFA, reduce their attack surface, and safeguard critical data so that they can detect and respond to threats effectively. By staying proactive and vigilant, organizations can better defend against emerging cyber threats and protect their digital assets.