As we step into October and mark the beginning of Cybersecurity Awareness Month, organizations' focus on protecting digital assets has never been more important. As innovative new cloud and generative AI solutions help advance today's businesses, it is also important to understand how these solutions have added to the complexity of today's cyber threats, and how organizations can address them. That is why IBM, as a leading global security, cloud, AI and business service provider, advocates that its global clients take a proactive approach to embedding security into all aspects of their business.
To that end, the 2024 IBM X-Force Cloud Threat Landscape Report provides an in-depth look at the most impactful risks organizations face today, and why implementing proper security mitigation strategies for cloud environments is essential to an organization's success. Drawing upon threat intelligence, incident response engagements, and partnerships with Cybersixgill and Red Hat Insights, the IBM X-Force team presents unique insights on how adversaries are compromising cloud infrastructure by leveraging adversary-in-the-middle (AITM) attacks, business email compromise (BEC) and other attack methods.
For example, this year's report highlights how attackers know that credentials are the keys to cloud environments and are highly sought after on dark web marketplaces. For this reason, attackers are using phishing, keylogging, watering hole and brute force attacks to harvest credentials. Additionally, dark web research highlights the popularity of infostealers, which are used to steal cloud platform and service-specific credentials.
Some of the other key findings from this year's report reveal sophisticated attack methods and ways of exploiting cloud environments, including:
- Phishing is the leading initial access vector. Over the past two years, phishing has accounted for 33% of cloud-related incidents, with attackers often using phishing to harvest credentials through adversary-in-the-middle (AITM) attacks.
- Business Email Compromise (BEC) attacks go after credentials. BEC attacks, where attackers spoof email accounts posing as someone within the victim organization or another trusted organization, accounted for 39% of incidents over the past two years. Threat actors commonly leverage harvested credentials from phishing attacks to take over email accounts and conduct further malicious activities.
- Continued demand for cloud credentials on the dark web, despite market saturation. Gaining access via compromised cloud credentials was the second most common initial access vector at 28%, despite overall mentions of SaaS platforms on dark web marketplaces decreasing by 20% compared to 2023.
Download the report
AITM phishing leads to business email compromise and credential harvesting
AITM phishing is a more sophisticated form of phishing attack where attackers position themselves between the victim and a legitimate entity to intercept or manipulate communications. This type of attack is particularly dangerous because it can bypass some forms of MFA, making it a powerful tool for cybercriminals.
Once inside a victim's environment, threat actors seek to carry out their objectives. Two of the most common actions observed by X-Force were BEC attacks (39%) and credential harvesting (11%). For example, after an attacker compromises a cloud-hosted email platform, they might perform a number of tasks such as intercepting sensitive communications, manipulating financial transactions, or using compromised email accounts to conduct further attacks.
Leveraging security threat intelligence to inform the business's employee training programs can be key to helping mitigate all forms of phishing attacks, including AITM. Employees should be trained to accurately recognize and report phishing techniques, spoofed emails and suspicious links to their IT or security teams. Deploying advanced email filtering and security tools that leverage AI to detect and block phishing attempts, malicious links and attachments before they can reach end users is also an effective mitigation strategy. Finally, passwordless authentication options, such as QR code or FIDO2 authentication, can help protect against AITM phishing attacks.
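Added example (not code from the report or from IBM) showing why the FIDO2 option mentioned above resists AITM phishing: the page origin is part of the signed client data, so an assertion produced on a proxy's look-alike domain fails the relying party's origin check even though the proxy relays the genuine challenge. RP_ID, both origins and the HMAC stand-in for the credential key pair are constructed assumptions.

```python
"""Model of the WebAuthn assertion flow. The browser writes the observed
origin into clientDataJSON and the authenticator signs
authenticatorData || SHA-256(clientDataJSON). The signature is simulated
with HMAC over a constructed key; a real authenticator uses a public-key
signature over the same data."""
import hashlib
import hmac
import json
import os

RP_ID = "bank.example"                       # constructed relying-party id
EXPECTED_ORIGIN = "https://bank.example"     # the only origin the RP accepts
PHISH_ORIGIN = "https://bank-example.com"    # constructed AITM proxy domain

def authenticator_sign(key: bytes, origin: str, challenge: bytes) -> dict:
    """Client side: embed the observed origin, sign rpIdHash || SHA-256(clientData)."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": challenge.hex(),
                              "origin": origin}).encode()
    auth_data = hashlib.sha256(RP_ID.encode()).digest()   # rpIdHash field
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(key, signed, hashlib.sha256).digest()
    return {"client_data": client_data, "auth_data": auth_data, "sig": sig}

def rp_verify(key: bytes, challenge: bytes, assertion: dict) -> str:
    """Relying-party checks, in the order the WebAuthn spec lists them."""
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get":
        return "reject: wrong type"
    if cd.get("challenge") != challenge.hex():
        return "reject: stale or replayed challenge"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "reject: origin mismatch"          # the check that defeats AITM
    if assertion["auth_data"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "reject: rpIdHash mismatch"
    signed = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return "reject: bad signature"
    return "accept"

def demo() -> tuple:
    key = b"constructed-credential-secret"      # stand-in for the credential key pair
    challenge = os.urandom(32)                  # fresh per-login challenge from the RP
    direct = rp_verify(key, challenge, authenticator_sign(key, EXPECTED_ORIGIN, challenge))
    # The proxy relays the genuine challenge, but the victim's browser is on PHISH_ORIGIN.
    proxied = rp_verify(key, challenge, authenticator_sign(key, PHISH_ORIGIN, challenge))
    return direct, proxied
```

In practice the browser also refuses to use the credential at all when the page's domain does not match RP_ID, so the origin check is a second, server-side line of defense.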
Gaining access through cloud credentials cheaper than ever
The average price per compromised cloud credential on the dark web is USD 10.23 in 2024, a decrease of 12.8% since 2022. This price drop, together with the 20% decrease in overall mentions of SaaS platforms on dark web marketplaces, may indicate that the market for these credentials is becoming oversaturated. However, it also reflects an increasing availability of these credentials for threat actors to leverage before and during attacks. Thus, it is no surprise that more than a quarter of cloud-related incidents involved the use of valid credentials, making it the second most common initial attack vector. As the price of for-sale cloud credentials decreases, it is becoming cheaper (and stealthier) for attackers to compromise organizations by logging in using valid credentials.
The desire of adversaries to obtain cloud credentials for malicious purposes and illicit financial gain is also evident from the continued trend of credential theft by infostealers specifically designed to exfiltrate credentials from cloud services. This threat highlights the need for organizations to manage their cyber exposure and digital risk. Businesses should seek a solution that specifically focuses on discovering, indexing and monitoring operators, malware and data across clear web and deep and dark web sources. Early detection of compromised credentials allows swift response measures, such as password resets and changes to access controls, to prevent potential future breaches.
A robust framework for enhancing cloud security
Cloud security is highly relevant in today's business environment, with enterprises increasingly migrating their critical business data from on-prem solutions to cloud environments. Alongside this technology migration is an evolving cyber threat landscape, where threat actors are actively seeking to exploit organizations' heavy reliance on cloud infrastructure, particularly those handling sensitive business data. This growing dependence on cloud infrastructure has only widened the attack surface for threat actors to exploit and underscores why securing the cloud is more critical than ever.
As long as victims' cloud environments remain accessible through valid credentials, cybercriminals will continue to hunt for and use them in their campaigns and operations, whether through phishing, BEC or selling them on the dark web. As seen in IBM's 2024 Cost of a Data Breach report, the financial implications and business disruptions for organizations continue to climb.
These examples illustrate the wide-ranging impact of stolen cloud credentials, from intellectual property theft to ransomware deployment. Attackers can use valid credentials to remain undetected and bypass standard security measures, making credential-based attacks a significant and ongoing threat to organizations.
By implementing a holistic approach to cloud security, including protecting data, having an identity and access management (IAM) strategy, proactively managing risks, and being ready to respond to a cloud incident, organizations can be better prepared to defend their cloud infrastructure and services and reduce the overall risk of credential-based attacks.
As IBM continues to release leading security reports like its 2024 Cost of a Data Breach report and the 2024 Threat Intelligence Index, this cloud-focused report captures the specific risks businesses face as they continue along their cloud migration journey. For a deeper dive into the latest cloud-related threats and trends, download the 2024 IBM X-Force Cloud Threat Landscape Report.
Want to strengthen your cloud security? Consult with one of our X-Force experts to evaluate your organization's cloud defensive strategies.
You can also register for the webinar, "Are you equipped to handle the evolving cloud threat landscape?" here on Thursday, October 17 at 11:00 EDT.