A recent report from IBM Security X-Force highlights a concerning trend in cloud security incidents. According to the report, compromised account credentials have become the most common point of entry for cloud intrusions, accounting for over one-third of observed incidents in the past year.
Furthermore, this marks a significant increase from just 9% in the previous year. The research also reveals that these credentials often have over-privileged access, making them valuable targets for attackers looking to penetrate cloud environments.
The rise in credential-based attacks underscores the importance of organizations moving beyond traditional authentication methods and focusing on improving credential hygiene. Attackers are actively exploiting weak or improperly managed credentials to carry out their attacks.
At the same time, the report highlights that valid, compromised credentials are highly sought after in the cybercrime marketplace, constituting nearly 90% of assets for sale on the dark web. These credentials are relatively affordable, with an average price of approximately $10.68 each.
Additionally, the report also identifies Microsoft Outlook Cloud credentials as the most popular access points available for sale on the dark web, with over 5 million mentions. Additionally, it notes that phishing attacks and the exploitation of public-facing applications tied as the second-most prevalent entry points for cloud security incidents, each accounting for around 14% of observed incidents.
This report serves as a critical warning to organizations, emphasizing the need to enhance credential management and employ robust security measures to protect against credential-based intrusions in cloud environments.
