Elastic Security Research Roundup
The job of researching the latest vulnerabilities, campaigns, attack patterns, and threat actors is never complete. The Elastic Security Intelligence and Analytics team’s charter is to democratize access to knowledge and capabilities. We believe doing so is the key to changing the threat landscape and we publish this information to educate Elastic customers and the larger security community.
Our security team researches and publishes information about malware, threat actors, campaigns, attack patterns, and specific vulnerabilities. Here’s a roundup of our latest findings and how to protect your organization.
Log4j vulnerability research
Quickly after the Log4j vulnerability was released, Elastic provided guidance on how to find the Log4Shell vulnerability using the Elastic Security and Observability solutions. Log4sh impacted organizations from Minecraft to Oracle during one of the busiest vacation seasons. Elastic researched the vulnerability and published more than four articles about this threat quickly as the threat unfolded, including a response and analysis on the security flaw itself and an up-to-date blog on how to detect log4j2 exploits using Elastic Security. As this threat continues to unfold, so will the research from Elastic on the topic.
BLISTER malware campaign campaign, identified by Elastic Security
The Elastic Security Intelligence and Analytics team recently uncovered the BLISTER malware campaign and delivered the first research about this campaign. Elastic researchers uncovered a novel malware loader, BLISTER, that was used to execute second-stage, in-memory malware payloads and maintain persistence during the campaign execution — leveraging valid code signing certificates to evade detection.
At the time of the research being published, VirusTotal had very low or no detections active for the identified malware samples. After the research was published, VirusTotal and other security vendors began tagging actions from this malware campaign as suspicious.
Beaconing malware attacks
Beaconing software can be difficult to detect. Elastic researchers have recently written several articles about this type of command and control communication and how to identify it. The Elastic team recently published research about how to find and respond to Cobalt Strike beaconing attacks. Additionally, the team provided a detailed how-to article on how to find beaconing malware with Elastic.
Operation Bleeding Bear
Elastic research also recently verified malware attacking the Ukraine government, Operation Bleeding Bear. After the vulnerability had been identified publicly, Elastic quickly verified the evasive malware and published research to alert Elastic customers and the security industry as a whole.
Threats yet discovered…
The Elastic Security Intelligence and Analytics team continues to research and respond to groundbreaking threats in its mission to help Elastic customers and the broader security community. If you’re using Elastic Security already, you can expect to see our latest findings in the newsfeed within the platform. We’ll also post our latest findings on elastic.co/blog.
Did you know that you can get started with a free 14-day trial of Elastic Cloud? Or download the self-managed version of the Elastic Stack for free.