How 2022’s threats will impact the global landscape in 2023
In this Help Net Security video, Devon Kerr, Team Lead, Elastic Security Labs, talks about the 2023 Global Threat Report Spring edition.
In this report, the Elastic Security team highlights how they’ve noticed a slight increase in Linux binaries with the capability to leverage a proxy for potential command and control purposes.
When targeting Linux endpoints, adversary playbooks often include using a backdoor binary, as previously discussed, followed by installing a proxy server for command and control. This may become a more common occurrence as hybrid- cloud environments leverage more Linux backend servers with misconfigurations or poor security implementations that are publicly accessible.
For MacOS file signatures: XMRig ranked the highest at ~39% of all detections. XMRig is a cross-platform open-source coin miner supported on Windows, Linux, BSD, and MacOS. While it may be deployed legitimately, it is also broadly used by adversaries for its efficiency.