IBM Warns: Compromised Credentials Drive Surge in Cloud Security Incidents

Plaintext credentials exposed on one-third of user endpoints. Cybercriminal group 'C1c0n1' sold over 5 million compromised Microsoft Outlook cloud credentials on the dark web last year.

IBM's latest review reveals a concerning rise in cloud security incidents, with a significant increase in the use of compromised credentials as an entry point. The study, covering the year ending June 2023, found that one-third of user endpoints had plaintext social security numbers exposed, while phishing attacks and exploited applications tied for second place in causing incidents.

The most alarming trend is the surge in credential-based attacks. In 2022, only 9% of cloud intrusions started this way, but this figure skyrocketed to 36% in 2023. The cybercriminal group 'C1c0n1' was particularly active, responsible for the most sales of compromised Microsoft Outlook iCloud credentials on the dark web last year, with over 5 million mentions.

Over-privileged credentials left exposed provide attackers with a foothold to delve deeper into targets' cloud environments. Valid, compromised account credentials were the initial access vector for over a third of cloud intrusions observed by IBM Security X-Force in the last year. These credentials are also highly sought after on the dark web, accounting for nearly 90% of assets for sale, with an average price of $10.68 each.

The increasing reliance on compromised credentials for cloud intrusions underscores the urgent need for organizations to adopt stronger authentication methods that do not rely on humans. As plaintext credentials remain prevalent and valuable on the dark web, enhancing cloud security must be a priority for businesses.
