Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Many organizations consider the AV-Comparatives' test series a standard of quality and a guarantee of a reliable product. Recently, Elastic participated successfully in the AV-Comparatives’ Enterprise Main Test Series and received the Approved Product award. This prestigious and industry-recognized quality award means that the Elastic Security software has been rigorously checked to ensure that it will perform its intended task competently.

With the release of Elastic Security 8.1, enhance defenses against novel attacks like Log4Shell and prevent adversaries from compromising macOS systems. Achieve visibility into host-based network activity, leverage new sources of threat intelligence, collect data from across your enterprise, and more. Let’s jump in.

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector. Given the continuous pace of malware development, it's no surprise that adversarial groups will leverage successful campaigns as the basis of developing future attacks, and the recently discovered backdoor campaign targeting Vietnamese financial services is no exception.

Recently, we have seen several malware campaigns attacking Ukrainian organizations — Operation Bleeding Bear is a recent one of note. Elastic Security researchers recently verified a data wiper malware campaign that is targeting Ukrainian systems. As this malware campaign is new, with more information being uncovered hourly, it is being referred to as HERMETICWIPER.

Readers Note : This is a summarized post of a detailed write up by the Elastic Security Intelligence and Analytics team. A deep dive on UAC Bypass is available to read here.

We wanted to call out some great adjacent research from the team at Sophoslabs Uncut that was released on December 21, 2021. Research groups frequently analyze similar (or in this case, identical) campaigns through their own unique lens. This is fantastic for the security community, as the campaign gets more eyes and different perspectives applied towards the same problem.

Elastic Security engineers have documented a less tedious way to find network beaconing from Cobalt Strike. In their full analysis (), Elastic Security team researchers Andrew Pease, Derek Ditch, and Daniel Stepanic walk users through the Elastic fleet policy, how to collect the beacon, beacon configuration, how to analyze its activity, and how you can set it up in your organization’s environment.

Elastic Security has verified a new destructive malware targeting Ukraine: Operation Bleeding Bear. Over the weekend, Microsoft released details about this multi-stage and destructive malware campaign that the Ukrainian National Cyber Security Coordination Center has been referring to as Operation Bleeding Bear.

The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain compromise. Could we then have detected SUNBURST in the initial hours or days by finding its C2 beacon?

Following the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted.