Elastic Security has verified a new destructive malware targeting Ukraine: Operation Bleeding Bear. Over the weekend, Microsoft released details about this multi-stage and destructive malware campaign that the Ukrainian National Cyber Security Coordination Center has been referring to as Operation Bleeding Bear.
The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain compromise. Could we then have detected SUNBURST in the initial hours or days by finding its C2 beacon?
Following the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted.
With our recent 7.16 Elastic Security product release, we improved our existing Linux malware feature by adding memory protection. In this blog, brought to you by Elastic’s Engineering Security Team, we lean into this recent advancement to show how we are protecting the world’s data from attack.
The Elastic Security team identified a noteworthy cluster of malicious activity after reviewing our threat prevention telemetry. A valid code signing certificate is used to sign malware to help the attackers remain under the radar of the security community. We also discovered a novel malware loader used in the campaign, which we’ve named BLISTER. The majority of the malware samples observed have very low, or no, detections in VirusTotal.
Welcome to Elastic’s Log4j2 vulnerability information hub. Here we will explain what the specific Log4j2 vulnerability is, why it matters, and what tools and resources Elastic is providing to help negate the opportunity for malware exploits, cyberattacks, and other cybersecurity risks stemming from Log4j2.
CIOs are remaking the IT function — no longer will security and developer teams be siloed. Recent survey data from 451 Research, part of S&P Global Market Intelligence, and published by Elastic shows a major shift in who is using application security tools, suggesting that DevSecOps is not just an idea, but a growing reality for IT decision makers. IT decision-makers allocated application security tools to 48% of development teams in 2020, compared to just 29% in 2015.
To understand how Elastic is currently assessing internal risk of this vulnerability in our products please see the advisory here.
Elastic has been recognized as a Customers’ Choice in the 2021 Gartner Peer Insights ‘Voice of the Customer’: Security Incident and Event Management (SIEM) report with an overall rating of 4.6 out of 5 based on 51 reviews as on November 25, 2021. The report combines the feedback and experiences of more than 51 Elastic Security customers on Gartner Peer Insights™. Elastic’s Willingness to Recommend score was 98% — the highest of all vendors included in the report.
Amid a growing network of endpoints to support telework and cloud-based applications, US federal civilian agencies are protecting government resilience and resources with a new Continuous Diagnostics and Mitigation Dashboard (CDM Dashboard) built on the Elastic search platform. At a recent MeriTalk Cyber Central: Defenders Unite event, participants learned about how Elastic, in partnership with ECS, enables security operations center (SOC) teams with cyber visibility at speed and scale.
