Elastic Global Threat Report 2023: Top cybersecurity forecasts and recommendations


We are excited to announce the release of the 2023 Elastic Global Threat Report, a comprehensive analysis of over one billion data points. The report provides insights into the methods, techniques, and trends of threat actors from the perspective of defenders, helping customers, partners, and security teams to prioritize and improve their security posture.

The observations in the report are based on anonymized Elastic telemetry and public and third-party data submitted voluntarily. Our goal is to demonstrate how our unique perspective empowers security technology developers and practitioners.

Elastic Security forecasts and recommendations highlights

The Global Threat Report provides valuable insights into the cyber threats that you may face in 2024. It shows how threat actors are becoming more sophisticated and stealthy and how they leverage public tools and resources to conduct their attacks. It also offers guidance and best practices on how to protect yourself and your data from these attacks. Here are some of the key forecasts and recommendations from the report:

Forecast 1: Adversaries will become more reliant on open-source communities for implants, tools, and infrastructure.
  • Threat actors are using code from open sources in their attacks.
  • This includes legitimate libraries like OneDriveAPI, tools like SharpShares, and implants like Sliver.
  • Adversaries will continue to take advantage of publicly exposed projects.
Recommendation: Organizations should scrutinize direct downloads from code-sharing websites and consider limiting access. While this wouldn’t impact code reused by threat actors, it could prevent precompiled binaries or portable scripts from facilitating a compromise. Enterprises should evaluate their visibility of emerging adversarial frameworks.
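As an added illustration of the Forecast 1 recommendation (example code written for this page, not code from the report or from Elastic), the Python below flags successful proxy-log fetches of precompiled binaries or portable scripts from code-sharing sites while leaving source archives alone. The log layout, the domain list and the extension lists are assumptions to tune per environment.

```python
import re
from urllib.parse import urlparse

# Base domains treated as code-sharing sites (assumption; tune per environment).
CODE_SHARING_DOMAINS = {"github.com", "githubusercontent.com", "gitlab.com", "bitbucket.org"}
# Precompiled binaries and portable scripts that warrant scrutiny (assumption).
BINARY_EXTS = {".exe", ".dll", ".sys", ".msi", ".elf"}
SCRIPT_EXTS = {".ps1", ".vbs", ".bat", ".cmd", ".hta", ".js", ".sh"}
# Assumed proxy access-log layout: epoch client method url status.
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)\s+(\d{3})$")

def on_code_sharing_site(host):
    """True when host is one of the base domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in CODE_SHARING_DOMAINS)

def classify(url):
    """Return 'binary', 'script' or None. Source archives (.zip, .tar.gz) are
    deliberately not flagged: the concern is ready-to-run artifacts, not code reuse."""
    parsed = urlparse(url)  # hostname is already lowercased by urlparse
    if not on_code_sharing_site(parsed.hostname or ""):
        return None
    name = parsed.path.rsplit("/", 1)[-1].lower()  # query string is not part of path
    ext = name[name.rfind("."):] if "." in name else ""
    if ext in BINARY_EXTS:
        return "binary"
    return "script" if ext in SCRIPT_EXTS else None

def scan(lines):
    """Return (client, url, kind) for every successful fetch of a flagged artifact."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        _, client, _, url, status = m.groups()
        if status != "200":
            continue  # a failed download cannot facilitate a compromise
        kind = classify(url)
        if kind:
            hits.append((client, url, kind))
    return hits

# Constructed sample log lines; not real telemetry.
SAMPLE_LOG = """\
1699999999.001 10.0.0.5 GET https://raw.githubusercontent.com/example-org/example-tool/main/deploy.ps1 200
1699999999.002 10.0.0.5 GET https://github.com/example-org/example-tool/archive/refs/heads/main.zip 200
1699999999.003 10.0.0.9 GET https://github.com/example-org/example-tool/releases/download/v1.2/tool.exe 200
1699999999.004 10.0.0.9 GET https://docs.example.com/guide/setup.exe 200
1699999999.005 10.0.0.7 GET https://gist.githubusercontent.com/someone/abc123/raw/loader.vbs?token=x 404
""".splitlines()
```

Running `scan(SAMPLE_LOG)` on the constructed lines reports only the PowerShell script and the release binary: the source archive, the non-code-sharing host and the failed fetch are all ignored.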

Forecast 2: Cloud credential exposure will be a primary source of data exposure incidents.
  • Adversaries are targeting cloud credentials to steal data and stage malware.
  • Cloud storage is often not segmented in large organizations, making it easy for adversaries to access with stolen credentials.
  • Exposed cloud computing credentials could increase the prevalence of coinminers and other malware.
Recommendation: Least-privilege accounts and robust authentication mechanisms can be augmented by monitoring user and entity behavior; such monitoring may itself depend on reasonable segmentation of data.

Forecast 3: Defense evasion is going to remain the top investment, and tampering will supersede masquerading.
  • Security industry dynamics have led to the development of robust endpoint prevention features, but adversaries are aware that bypassing these features is crucial for achieving their goals.
  • This trend is expected to lead to a decline in masquerading attacks.
  • Real-world evidence supports this shift, exemplified by tactics like Bring Your Own Vulnerable Driver.
Recommendation: Enterprises should evaluate the tamper-resistant nature of their endpoint security sensors and consider monitoring projects like Living Off The Land Drivers, which tracks the many vulnerable device drivers used to disable security technologies.

Stay ahead of attackers with Elastic Security

These forecasts provide just a brief snapshot of the threats, attackers, and defenses we expect to be in play in the coming year. They also show how we use this knowledge to improve Elastic Security and inform our future plans. For a more detailed overview of the security landscape and where it’s headed, you can access the full 2023 Elastic Global Threat Report.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.