We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Cyberattacks have been increasing in both frequency and severity, but it’s not just because malicious actors are upping their game (though they very much are). Many cybersecurity veterans feel that the effective solutions the industry has put out over the years aren’t fully being taken advantage of, and now a new report from IBM sheds light on the ways enterprises are leaving the door wide open. It also details a “booming” dark web marketplace for compromised cloud accounts, where some credentials are selling for just a few dollars.
The 2021 X-Force Cloud Security Threat Landscape Report, published today, found that two out of three breaches of cloud environments studied were caused by improperly configured APIs. The team also observed virtual machines with default security settings that were erroneously exposed to the internet, including misconfigured platforms and insufficiently enforced network controls. Additionally, the researchers found password and policy violations — such as unchanged default credentials, weak passwords, and shadow IT — in 100% of cloud penetration tests conducted over the past year.
Overall, the report concludes that fixing misconfigurations across applications, databases, and policies could have stopped two-thirds of breached cloud environments observed by IBM. But X-Force team member Charles DeBeck says the main takeaway isn’t that enterprises aren’t doing the basics, but rather that as they try to, they’re crashing into a complexity wall that they inadvertently built around their business. His thoughts echo those from a variety of seasoned security experts, who recently cited the pace of digital transformation — specifically cloud adoption — as the major factor adding complexity and contributing to the current cybercrime environment.
“For years, businesses have been bolting tool on top of tool, creating a security maze that is difficult to untangle, let alone manage,” DeBeck told VentureBeat. “It has hindered their ability to detect threats across their massive, ever-expanding digital infrastructure, as well as their ability to quickly automate a remediation response.”
Cloudy with a chance of ransomware
Use of cloud technology is exploding in the enterprise. Gartner predicts 70% of all enterprise workloads will be deployed in the cloud by 2023, up from 40% in 2020. And overall, worldwide public cloud services are predicted to grow from $387.7 billion in 2021 to $805.5 billion in 2025, according to Gartner. So of course, this is where malicious actors are turning their attention.
“We’re seeing a whole host of malware families developing new cloud-focused capabilities,” DeBeck said. “This indicates to me that threat actors realize cloud is where things are going, and they’re investing accordingly. And that means that cloud security will continue to be critical.”
In addition to tactics used to breach enterprise clouds, the IBM researchers also uncovered a thriving dark web marketplace where nearly 30,000 compromised cloud accounts were for sale at bargain prices. Some were being sold for just a few dollars, while others cost over $15,000 per account access credential. And in 71% of cases, threat actors offered Remote Desktop Protocol (RDP) access to cloud resources, supplying cybercriminals direct access and turnkey options to further automate their access to cloud environments.
These findings represent IBM’s insights from reviewing multiple dark web marketplaces from July 2020 through July 2021. The report states that dark web research is ever-changing, but this trend is likely to stick around.
“This is a huge booming business, and as long as there is money to be made criminals will keep targeting cloud environments,” DeBeck said.
Securing the enterprise
In the report’s conclusion, IBM Security X-Force suggests cloud users implement a multi-phased approach for preparation and response to cloud security incidents. Recommendations include adopting a zero trust philosophy and putting into place strong access control practices, including multi-factor authentication (MFA) and the principle of least privilege for cloud identities. Additionally, the team advises enterprises scope penetration testing projects to identify vulnerabilities and also engage in adversary simulation exercises, using cloud-based scenarios to train and practice effective cloud-based incident response.
There’s also an emphasis on using an open and integrated security approach to help connect the dots between security data that resides across a fragmented cloud environment.
“It’s essential that businesses double down on modernizing their hybrid cloud infrastructure,” DeBeck said. “They must treat their cloud environments as one single architecture, taking an open and integrated approach to get in front of these preventable and, today, anticipated risks.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.