Global Threat Report, Vol.1 2022

November 17, 2022

“The future of security is open. In a world of dynamic, fast-moving, and well-resourced threat actors, digital security’s best hope lies in bringing like-minded defenders together around platforms that are as open and inter-operable as possible.” – Nate Fick

U.S. Ambassador at Large for Cyberspace & Digital Policy and Formerly Elastic Security General Manager and Endgame CEO

This Elastic Global Threat Report is a product of Elastic Security Labs, our threat research branch with expertise in investigating computer network intrusions, analyzing malicious software, developing mitigations for broad categories of threats, and conducting intelligence analysis. Elastic Security Labs is a group of passionate security professionals who research security topics to improve the Elastic Security product and share what we learn with the broader community.

Our philosophy is straightforward: the best way to protect the world’s data is by weaponizing defensive technologies. We create environments that are hostile to threats because that is the single most effective way to change the threat landscape. While many security vendors choose a passive, “wait-and-see” mentality, threats are constantly adapting and evolving, thereby demanding a more proactive approach.

This report describes threat phenomena, trends, and recommendations we believe will help organizations prepare for the future. Elastic discloses malware research, attack patterns, and clusters of malicious activity to the community — summarized in this inaugural report.

Throughout this report, we observe that financially motivated threats are the most active, and the groups responsible for them are acting with increasing speed. These rapidly expanding mitigation in their environments, resulting in bigger wins for adversaries.

Elastic telemetry, voluntarily shared and enriched with cutting-edge innovations, as well as public and other third-party data, provides the data-validated material for this report. Information has been responsibly sanitized to protect the identities of customers, where applicable.

Elastic primarily uses telemetry to improve feature efficacy and to provide organizations with additional security context through publications such as this. We welcome the opportunity to partner with our customers in this way to analyze their data, anonymously sharing what we learn with the larger security industry.

In order to effectively prevent cybersecurity threats, an organization needs visibility, capability, and expertise. Elastic Security delivers this foundation, and our global instrumentation allows us to quickly deploy community protections against threats. This report contains information about the threats we see and respond to — such inputs are essential for developing future Elastic features.

By sharing these insights, we at Elastic Security Labs hope to normalize the discussion of vendor visibility and demonstrate how our unique perspective empowers the developers of security technologies to maximize positive outcomes for their users and the community at large.

Price: FREE

About the Provider

We’re the leading platform for search-powered solutions, and we help everyone — organizations, their employees, and their customers — find what they need faster, while keeping applications running smoothly, and protecting against cyber threats.

