A new report released on Wednesday from IBM Security X-Force found that some two-thirds of breached cloud environments were caused by misconfigurations across applications, databases, and security policies.
Some of the report’s highlights include the following: Two out of three breached cloud environments were caused by improperly configured application programming interfaces. X-Force researchers found password and policy violations in the vast majority of pen tests conducted in the past year. And cryptominers and ransomware account for more than 50% of detected system compromises.
These findings from IBM should once again serve as a wake-up call about some of the shortcomings the industry has in following basic security principles, said Alec Alvarado, threat intelligence team lead at Digital Shadows. Alvarado said that while it’s interesting that the most frequently identified issues reside in passwords, misconfigurations, or failures in policy implementation, the observations are not necessarily surprising.
“Threat actors continue to exploit the path of least resistance, and cloud environments are a goldmine as organizations often misconfigure or poorly protect them,” Alvarado said. “We have observed considerable amounts of cloud accesses advertised in cybercriminal forums resulting in a decrease of overall access costs, as mentioned in the report, sometimes for a few dollars.”
Jason Kent, hacker-in-residence at Cequence, added that as the industry races forward with digital transformation, IT teams embrace the cloud but miss the standard protection mechanisms they would require on-premises.
“We see developers embrace creating applications with APIs only to see them miss much-needed authentication and authorization protocols,” Kent said. “The cloud isn’t all that new anymore, but as more and more organizations see its advantages, they need to realize they are creating more and more complexity in their environment that leaves more and more vulnerabilities that might be exploited.”
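The API failure Kent describes is an endpoint that trusts the request and never asks who is calling or whether they own the object. The following is an added example, not code from the report, from Cequence or from any vendor quoted here: a tiny in-process API with one record-lookup handler that skips both checks, beside a hardened version that authenticates the caller with an HMAC-signed token and then authorizes against record ownership. The user table, records, signing key and token format are all constructed for the demo.

```python
"""Constructed demo: an API endpoint missing authentication and
authorization, next to the same endpoint with both enforced.
Requests are plain dicts; nothing touches the network."""
import hashlib
import hmac

# Constructed sample data (no real users, records or secrets).
USERS = {"alice": "u-1001", "bob": "u-1002"}      # username -> user id
RECORDS = {                                       # record id -> (owner id, payload)
    "rec-1": ("u-1001", {"diagnosis": "constructed"}),
    "rec-2": ("u-1002", {"diagnosis": "constructed"}),
}
SIGNING_KEY = b"constructed-demo-key"             # assumption: a server-side secret


def issue_token(username: str) -> str:
    """Return 'username.mac', mac = HMAC-SHA256(SIGNING_KEY, username)."""
    mac = hmac.new(SIGNING_KEY, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}.{mac}"


def verify_token(token):
    """Authentication: return the caller's user id for a valid token, else None."""
    if not token or "." not in token:
        return None
    username, mac = token.rsplit(".", 1)
    expected = hmac.new(SIGNING_KEY, username.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):    # constant-time comparison
        return None
    return USERS.get(username)


def get_record_unprotected(request):
    """Vulnerable: whoever supplies a record id gets the record."""
    rec = RECORDS.get(request["record_id"])
    if rec is None:
        return 404, None
    return 200, rec[1]


def get_record_protected(request):
    """Hardened: authenticate first (401), then authorize on ownership (403)."""
    caller = verify_token(request.get("headers", {}).get("Authorization"))
    if caller is None:
        return 401, None
    rec = RECORDS.get(request["record_id"])
    if rec is None:
        return 404, None
    owner, payload = rec
    if owner != caller:                           # object-level authorization
        return 403, None
    return 200, payload


if __name__ == "__main__":
    print("unprotected, anonymous:", get_record_unprotected({"record_id": "rec-2"})[0])
    alice = issue_token("alice")
    print("protected, alice on bob's record:",
          get_record_protected({"record_id": "rec-2",
                                "headers": {"Authorization": alice}})[0])
```

The two checks are deliberately separate: a valid token only proves identity, and the ownership comparison is what stops one authenticated user from walking another user's record ids. Returning 404 for unknown ids after authentication is a simplification; a deployment that wants to avoid id enumeration may prefer a uniform 403.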
Garret Grajek, CEO of YouAttest, added that configuration errors extend beyond the enterprise boundary. Grajek said hackers know most of the valuable information (health data, financial information) now exists in the cloud, and the pandemic has only accelerated this move.
“The very nature of rapid migration left enterprises exposed to hacks,” Grajek said. “Permissions and rights were consistently over-granted during the migrations, to the point now where they are the key target for hackers in these newly deployed cloud resources. The same practices of identity and account review now need to be practiced on cloud resources as were performed upon on-premises resources.”
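The access review Grajek calls for can start with something mechanical: scan each identity policy for the over-grants a rushed migration typically leaves behind. The following is an added example, not code from the report or from YouAttest, that reviews an AWS-style IAM policy document for wildcard actions, wildcard resources and NotAction statements. The policy itself is constructed for the demo and the finding categories are this example's own choice, not a rule set from the page.

```python
"""Constructed demo: flag over-granted statements in an IAM-style policy."""
import json

# Constructed policy: the kind of leftovers a migration tends to produce.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "MigrationHelper", "Effect": "Allow",
         "Action": "*", "Resource": "*"},
        {"Sid": "ReadBucket", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::patient-records/*"},
        {"Sid": "AdminLite", "Effect": "Allow",
         "Action": ["iam:*", "s3:ListBucket"], "Resource": "*"},
        {"Sid": "NotActionTrap", "Effect": "Allow",
         "NotAction": "iam:*", "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def review_policy(policy_json: str):
    """Return a list of (Sid, finding) tuples for every Allow statement
    that grants more than a least-privilege reviewer would accept."""
    findings = []
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue                         # Deny statements narrow, not widen
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        # NotAction in an Allow grants everything except the listed actions.
        if "NotAction" in stmt:
            findings.append((sid, "Allow with NotAction grants all other actions"))

        # '*' or 'service:*' hands over a whole service (or every service).
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((sid, f"wildcard action {action}"))

        # A wildcard resource means the grant is not scoped to any asset.
        if "*" in resources:
            findings.append((sid, "wildcard resource '*'"))
    return findings


if __name__ == "__main__":
    for sid, note in review_policy(SAMPLE_POLICY):
        print(f"{sid}: {note}")
```

Run against real policies, the output is a worklist rather than a verdict: the ReadBucket statement passes because it names one action on one bucket prefix, while the three flagged statements are the ones an identity review would ask an owner to justify or shrink.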