IBM Security Services today published a report detailing a raft of issues pertaining to cloud security, including the fact that there are nearly 30,000 cloud accounts potentially for sale on dark web marketplaces.
The report is based on dark web analysis, IBM Security X-Force Red penetration testing data, IBM Security Services metrics, X-Force Incident Response analysis and X-Force Threat Intelligence research.
The report found advertisements for tens of thousands of cloud accounts and resources for sale. Prices generally range from a few dollars to over $15,000 per account for access credentials depending on the amount of cloud resources that might be made accessible. On average, the price tag for cloud access rose an extra $1 for every $15 to $30 in credit the account held. Therefore, an account with $5,000 in available credit would be worth about $250, the report surmised.
In 71% of cases, threat actors offered access to cloud resources via the remote desktop protocol (RDP). X-Force Red found that 100% of their penetration tests into cloud environments in 2021 uncovered issues with either passwords or policy violations. Two-thirds of cloud breaches would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems, the report noted.
More troubling still, IBM research indicates that vulnerabilities in cloud applications are growing, totaling more than 2,500 vulnerabilities, a 150% increase over the last five years. Almost half of the more than 2,500 disclosed vulnerabilities in cloud-deployed applications recorded to date were disclosed in the last 18 months.
The report also notes two-thirds of the incidents analyzed involved improperly configured application programming interfaces (APIs), mainly involving misconfigured API keys that allowed improper access. API credential exposure through public code repositories frequently resulted in access into cloud environments as well, the report noted.
Cybercriminals are also developing variants of old malware designed to be deployed in Docker containers, in addition to developing new types of malware written in programming languages such as Golang that can be employed across multiple platforms.
Finally, cybercriminals appear to be getting more adept at pivoting from on-premises environments into the cloud. This type of lateral movement of malware was seen in almost a quarter of the incidents X-Force responded to in 2020.
Charles DeBeck, senior cyber threat intelligence and strategic analyst with IBM X-Force Incident Response and Intelligence Services, said more than half of breaches to cloud environments occurred because of some form of shadow IT activity. In general, to mitigate cloud security issues, IT organizations should be embracing zero-trust IT architectures, reducing the overall complexity of their cloud environments and continuously testing for vulnerabilities and misconfigurations.
While each cloud platform might be generally secure, the processes relied on to deploy applications are deeply flawed. Many cloud platforms are provisioned by developers who have little to no security expertise. The odds that one of them will misconfigure a service are fairly high. The challenge is finding a way to discover those issues before some entity with evil intent finds a way to exploit them.
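The report's finding that API credentials exposed through public code repositories frequently led to cloud access, and its closing point that such issues need to be discovered before an attacker does, both come down to the same defensive check: scanning what is about to be committed for credential-shaped strings. The following is an added illustration written for this summary, not code from IBM or the report. It uses the publicly documented AWS access key ID shape (the `AKIA` prefix followed by 16 upper-case alphanumerics), a heuristic assignment pattern for generic API keys, tokens and passwords, and a Shannon-entropy filter to skip obvious placeholders; the sample configuration file is constructed, and the key values in it are not real credentials.

```python
import math
import re
from collections import Counter

# Credential-shaped patterns. The AWS access key ID format is public
# documentation; the generic assignment pattern is a heuristic that will
# need tuning per code base (it only catches quoted string literals).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_api_key_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
    ),
}


def shannon_entropy(value: str) -> float:
    """Bits per character; placeholders like XXXX... score near zero."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str, min_entropy: float = 3.0) -> list[dict]:
    """Return one finding per credential-shaped match, with a redacted preview.

    The full matched value is never stored or printed, so the scanner's own
    output cannot become a second leak.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                # For the generic pattern the value is the last group; the
                # AWS pattern has no groups, so the whole match is the value.
                value = match.group(match.lastindex) if match.lastindex else match.group(0)
                if rule == "generic_api_key_assignment" and shannon_entropy(value) < min_entropy:
                    continue  # low-entropy string: almost certainly a template placeholder
                findings.append({"line": lineno, "rule": rule, "preview": value[:6] + "..."})
    return findings


def scan_file(path: str) -> list[dict]:
    """Convenience wrapper for use from a pre-commit hook or CI job."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


# Constructed sample of a config file accidentally staged for commit.
# The AKIA value is a made-up example, not an issued key.
SAMPLE_CONFIG = """\
# constructed sample config
region = us-east-1
aws_access_key_id = AKIAEXAMPLEKEY000001
api_key = "XXXXXXXXXXXXXXXXXXXX"
password = "x7Qp9vL2mR4sT8wZ1kN6"
debug = true
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_CONFIG):
        print(f"line {finding['line']}: {finding['rule']} ({finding['preview']})")
```

Run against the constructed sample, the scanner reports the access key ID on line 3 and the high-entropy password on line 5, while the `XXXX...` placeholder on line 4 is suppressed by the entropy filter. In practice this sits behind a pre-commit hook or a CI step that fails the build on any finding; the entropy threshold and the generic pattern are the parts to tune, since a low threshold floods developers with false positives and a high one lets short real secrets through.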