Recommended
Recommended
More Related Content
Similar to Elastic Security Labs Brief
Similar to Elastic Security Labs Brief (20)
More from Joseph DeFever
More from Joseph DeFever (11)
Recently uploaded
Recently uploaded (20)
Elastic Security Labs Brief
- 1. Elastic Security Labs ela.st/research Elastic Security Labs provides research on emerging threats with analysis of strategic, operational, and tactical adversary objectives. Based on this research, the team integrates built-in detection and response capabilities within the Elastic Security solution, enabling users to defend their organizations against the latest malware, ransomware, and vulnerabilities in real time. We believe that protecting the world’s data from attack is only possible with collaboration from users, partners, and fellow security vendors. As such, we have embraced a free and open approach to security that allows for better collaboration amongst security professionals. The team publishes a variety of content to help you protect your environment by staying on top of the latest threats: • Analysis of malware signatures, behavioral protections, and detection rules assessed against real-world malware and adversary techniques • Articles focused on vulnerabilities, exploits, and other research relevant to the security community at large • Tools created to aid in the collection and analysis of threat data • Frequent reports that summarize the latest in security research Research priorities are chosen through open-source research vehicles, inputs from high-confidence third parties, and data collected from Elastic’s evolving telemetry. Identified Vulnerabilities The team has recently identified several high-profile vulnerabilities and rapidly responded with appropriate protections. For each identified vulnerability, the team not only provides detailed analysis on what the threat is, who is affected, and how to respond, but also quickly implements built-in protections against these threats to ensure Elastic Security users are covered. Want to check out Elastic Security for yourself? Try it free at ela.st/elastic-security, or spin up your own open source deployment with no time or size restriction.
- 2. security labs Log4j2 Vulnerabiilty Open source logging framework The Elastic Security team released a continuously updated blog on how to detect log4j2 exploits using Elastic Security, as well as a response and analysis on the security flaw itself. Dirty Pipe Malware Linux-based exploit Elastic’s research on Dirty Pipe demonstrates how the vulnerability can be detected via Auditd, what countermeasures can be used once detected, and how to respond to this exploit using Elastic Security. BLISTER Malware Novel malware loader The depth of protection offered with Elastic Security meant we were still able to identify and stop in-the-wild attacks. Existing Elastic Security users can access these capabilities within the product. Learn more in our full-length blog. PHOREAL/RIZZO Malware targeting Southeast Asian financial organizations The Elastic Security research team identified this payload when investigating a specific cluster of Windows memory protection shellcode alerts. Review the detailed summary the Elastic Security team performed on the REF4322 payload, and steps for recovery, detection, and mitigation. Operation Bleeding Bear Destructive malware targeting Ukraine In our full analysis, we outline defensive recommendations, specific IoCs, and a how-to-locate and remediate guide using Elastic Security and the MITRE ATT&CK® framework — identifying malware components at each stage. ob-elasticsecuritylabs-2022-0503 | elastic.co | © 2022 Elasticsearch B.V. All rights reserved.