A hot potato: In 2020, many companies migrated to the cloud to adapt their infrastructure to a pandemic-affected world. The migration brought both new business opportunities and new security threats, a recent IBM report highlights.
According to IBM, stolen cloud credentials now account for nearly 90% of digital goods sold on darknets, and they’re extremely cheap, too.
The newest IBM X-Force Cloud Threat Landscape Report analyzed “real-world” cloud cybersecurity incidents that IBM responded to over 12 months, gathering information from threat intelligence, pen testing and dark web analysis (in collaboration with Cybersixgill) compiled between June 2022 and June 2023. Enterprises have been quick to adopt the cloud, the report highlights, as the COVID-19 pandemic left their infrastructures dysfunctional, but they have not been as quick to adopt a proper cloud-specific security posture.
On the other side, X-Force research director John Dwyer says that criminals adapt their tools and methods more quickly to find the best way to gain access to networks. This access increasingly runs through cloud services due to their rapid spread and technological complexity.
Stolen cloud credentials are also very cheap these days, as they can be purchased for “the same price as some donuts,” according to Dwyer. Most companies also use more than one cloud service, making things even more complicated and potentially insecure. X-Force analyzed 632 new cloud-related CVE-tracked vulnerabilities over a 13-month period, a whopping 194% increase year-over-year.
However, the number of vulnerabilities discovered in 2022 was unusually low (around 200), while the vulnerabilities recorded in the latest report are almost on par with the numbers recorded in 2021. Even so, this year’s bugs were more dangerous, with approximately 60% of these vulnerabilities allowing cybercriminals to obtain information, user rights or login credentials.
X-Force also discovered an embarrassing amount of plaintext credentials on user endpoint systems (33%) that appeared to be involved in the cloud-related incidents IBM analyzed. According to X-Force, valid credentials have become the most common initial access vector in cloud security breaches, being misused in 36% of all cases.
The report also suggests what organizations can do to mitigate the threats facing their cloud environments. Network segmentation to limit access to sensitive resources could help a lot, and endpoint security best practices also apply to cloud environments. Companies should therefore implement a “zero trust approach” to security, with multi-factor authentication and modern identity and access management, and force users to avoid reusing usernames and passwords.