A hot potato: In 2020, many companies migrated to the cloud to try to adapt their infrastructure to a pandemic-affected world. The migration brought both new business opportunities and new security threats, as a recently unveiled IBM report highlights.
According to IBM X-Force, Big Blue’s platform for threat intelligence sharing and research, the cloud is now the main focus of cyber-criminals trying to sell logins to script kiddies on dark web marketplaces. Stolen cloud credentials now make up almost 90% of digital goods on sale through darknets, and they are extremely cheap as well.
The latest IBM X-Force Cloud Threat Landscape Report analyzed “real world” cloud cyber-security incidents that IBM responded to over a 12-month period, combining that data with threat intelligence, pentests, and dark web analysis (in partnership with Cybersixgill) compiled between June 2022 and June 2023. Companies were quick to adopt cloud infrastructure because of the COVID-19 pandemic, the report highlights, but the same cannot be said for a proper, cloud-specific security posture.
Meanwhile, X-Force Head of Research John Dwyer says that criminals are quicker to adapt their tools and methodologies in their search for the best way to gain access to networks. That access increasingly runs through cloud services, owing to their rapid expansion and technological complexity.
Stolen cloud credentials are also very cheap these days: according to Dwyer, they can be purchased “for the same cost as some donuts.” Most organizations also use more than one cloud service, which makes things even more complicated and potentially insecure. X-Force analyzed 632 new cloud-related, CVE-tracked vulnerabilities over a 13-month period, a whopping 194% increase from last year.
The number of security vulnerabilities discovered in 2022 was, however, unusually low (about 200), while the flaws tracked in the latest report are almost on par with the numbers recorded in 2021. This year’s bugs were more dangerous, though: about 60% of them could give cyber-criminals access to information, user privileges, or login credentials.
X-Force also found plaintext credentials on user endpoint systems in an embarrassing share (33%) of the cloud-related incidents IBM analyzed. Valid credentials have become the most common initial access vector in cloud security breaches, X-Force reports, being (ab)used in 36% of all cases.
The report also suggests what organizations can do to mitigate the dangers coming from the cloud. Network segmentation to restrict access to sensitive resources could help a lot, and endpoint security best practices apply to cloud environments as well. Companies should also adopt a “zero-trust approach” to security, with multi-factor authentication, modern identity and access management, and policies that stop users from reusing usernames and passwords.