Ransomware is expanding and diversifying according to the Elastic Global Threat Report, issued by Elastic Security Labs.
“Today’s threat landscape is truly borderless, as adversaries morph into criminal enterprises focused on monetising their attack strategies,” said Jake King, head of security intelligence and director of engineering at Elastic.
Key findings
Based on observations from more than 1 billion data points over the last 12 months, the most prevalent ransomware families are BlackCat, Conti, Hive, Sodinokibi, and Stop, making up about 81% of all ransomware activity. Linux endpoints are the source of 91% of malware signature events, while about 6% came from Windows endpoints.
Sophisticated threat groups evade security by withdrawing to low-visibility platforms. Execution and Defense Evasion make up more than 70% of all endpoint alerts.
Malicious players take advantage of misconfigurations, lax access controls, unsecured credentials, and no functional principle of least privilege (PoLP) models.
“Open source, commodity malware, and the use of AI have lowered the barrier to entry for attackers, but we’re also seeing the rise of automated detection and response systems that enable all engineers to better defend their infrastructures. It’s a cat-and-mouse game, and our strongest weapons are vigilance and the continued investment in new defense technologies and strategies,” adds King.