As we step into October and mark the beginning of Cybersecurity Awareness Month, organizations' focus on defending digital assets has never been more critical. As innovative new cloud and generative AI solutions help advance today's businesses, it is also important to understand how these solutions have added to the complexity of today's cyber threats, and how organizations can address them. That is why IBM, as a leading global security, cloud, AI and business service provider, advocates to our global clients to take a proactive approach to embedding security into all aspects of their business.
To that end, the 2024 IBM X-Force Cloud Threat Landscape Report provides an in-depth look at the most impactful risks organizations face today, and why implementing proper security mitigation strategies for cloud environments is vital to an organization's success. Drawing upon threat intelligence, incident response engagements, and partnerships with Cybersixgill and Red Hat Insights, the IBM X-Force team offers unique insights on how adversaries are compromising cloud infrastructure by leveraging adversary-in-the-middle (AITM) attacks, business email compromise (BEC) and other attack methods.
For example, this year's report highlights how attackers know that credentials are the keys to cloud environments and are highly sought-after on dark web marketplaces. For this reason, attackers are using phishing, keylogging, watering hole and brute force attacks to harvest credentials. Additionally, dark web analysis highlights the popularity of infostealers, which are used to steal cloud platform and service-specific credentials.
Some of the other key findings from this year's report reveal sophisticated attack methods and techniques for exploiting cloud environments, including:
- Phishing is the leading initial access vector. Over the past two years, phishing has accounted for 33% of cloud-related incidents, with attackers often using phishing to harvest credentials through adversary-in-the-middle (AITM) attacks.
- Business Email Compromise (BEC) attacks go after credentials. BEC attacks, where attackers spoof email accounts posing as someone within the victim organization or another trusted organization, accounted for 39% of incidents over the past two years. Threat actors commonly leverage credentials harvested from phishing attacks to take over email accounts and conduct further malicious activities.
- Continued demand for cloud credentials on the dark web, despite market saturation. Gaining access via compromised cloud credentials was the second most common initial access vector at 28%, even though overall mentions of SaaS platforms on dark web marketplaces decreased by 20% compared to 2023.
AITM phishing leads to business email compromise and credential harvesting
AITM phishing is a more sophisticated form of phishing attack in which attackers position themselves between the victim and a legitimate entity to intercept or manipulate communications. This type of attack is particularly dangerous because it can bypass some forms of MFA, making it a powerful tool for cybercriminals.
Once inside a victim's environment, threat actors seek to carry out their objectives. Two of the most common actions observed by X-Force were BEC attacks (39%) and credential harvesting (11%). For example, after an attacker compromises a cloud-hosted email platform, they may perform several tasks such as intercepting sensitive communications, manipulating financial transactions, or using compromised email accounts to conduct further attacks.
Leveraging security threat intelligence to inform the business's employee training programs can be key to helping mitigate all forms of phishing attacks, including AITM. Employees should be trained to accurately recognize and report phishing techniques, spoofed emails and suspicious links to their IT or security teams. Deploying advanced email filtering and security tools that leverage AI to detect and block phishing attempts, malicious links and attachments before they can reach end users can also be an effective mitigation strategy. Finally, passwordless authentication options, such as a QR code or FIDO2 authentication, can help defend against AITM phishing attacks.
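As an added illustration that is not part of IBM's post or the report, the following Python models the relying-party checks that make a FIDO2/WebAuthn login resist the AITM phishing described above: the origin the browser is actually connected to is signed into the assertion, so a login relayed from a look-alike domain fails verification even when the real challenge is forwarded. The relying party name, the look-alike domain in the tests, and the HMAC stand-in for the authenticator's asymmetric signature are assumptions.

```python
"""Model of the relying-party checks behind FIDO2/WebAuthn's AITM resistance.
Added illustration, not code from IBM or the report. Assumptions: the
authenticator's signature is stood in for by HMAC-SHA256 over a per-credential
secret, and rpId is taken as the origin's host."""
import hashlib
import hmac
import json

RP_ID = "login.example.com"            # constructed relying party
EXPECTED_ORIGIN = "https://" + RP_ID


def rp_id_hash(rp_id: str) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest()


def authenticator_assert(cred_secret: bytes, origin: str, challenge: str) -> dict:
    """Client side: the browser writes the origin it is actually connected to
    into clientDataJSON; the authenticator signs rpIdHash || SHA-256(clientDataJSON).
    Neither the user nor a page script can change that origin."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin},
        sort_keys=True).encode()
    auth_data = rp_id_hash(origin.split("://", 1)[1])  # rpId derived from origin
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(cred_secret, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def rp_verify(cred_secret: bytes, assertion: dict, challenge: str) -> bool:
    """Relying-party side, in WebAuthn's order: type, challenge, origin,
    rpIdHash, signature. A proxy relaying the real challenge from a look-alike
    domain fails the origin and rpIdHash checks; patching clientDataJSON
    afterwards breaks the signature."""
    client_data = json.loads(assertion["clientDataJSON"])
    if client_data.get("type") != "webauthn.get":
        return False
    if client_data.get("challenge") != challenge:      # stale or replayed
        return False
    if client_data.get("origin") != EXPECTED_ORIGIN:   # the anti-phishing check
        return False
    if assertion["authenticatorData"] != rp_id_hash(RP_ID):
        return False
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(cred_secret, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])
```

A production relying party should use a maintained WebAuthn library rather than this model; the point is that the origin check is enforced by the browser and authenticator, not by the user spotting a spoofed page.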
Gaining access through cloud credentials is cheaper than ever
The average price per compromised cloud credential on the dark web is USD 10.23 in 2024, a decrease of 12.8% since 2022. This price drop, along with the 20% decrease in overall mentions of SaaS platforms on dark web marketplaces, may indicate that the market for these credentials is becoming oversaturated. However, it also reflects an increasing availability of these credentials for threat actors to leverage before and during attacks. Thus, it is no surprise that more than a quarter of cloud-related incidents involved the use of valid credentials, making it the second most common initial attack vector. As the price of for-sale cloud credentials decreases, it is becoming cheaper (and stealthier) for attackers to compromise organizations by logging in with valid credentials.
The desire of adversaries to obtain cloud credentials for malicious purposes and illicit financial gain is also evident from the continued trend of credential theft by infostealers specifically designed to exfiltrate credentials from cloud services. This threat highlights the need for organizations to manage their cyber exposure and digital risk. Businesses should seek a solution that specifically focuses on discovering, indexing and monitoring operators, malware and data across clear web, deep web and dark web sources. Early detection of compromised credentials enables swift response measures, such as password resets and changes to access controls, to prevent potential future breaches.
A robust framework for improving cloud security
Cloud security is highly relevant in today's business environment, with enterprises increasingly migrating their critical business data from on-prem solutions to cloud environments. Alongside this technology migration is an evolving cyber threat landscape, where threat actors are actively seeking to exploit organizations' heavy reliance on cloud infrastructure, particularly those handling sensitive business data. This growing dependence on cloud infrastructure has only widened the attack surface for threat actors to exploit and underscores why securing the cloud is more critical than ever.
As long as victims' cloud environments remain accessible through valid credentials, cybercriminals will continue to seek and use them for their campaigns and operations, whether through phishing, BEC or selling them on the dark web. As seen in IBM's 2024 Cost of a Data Breach report, the financial implications and business disruptions for organizations continue to climb.
These examples illustrate the wide-ranging impact of stolen cloud credentials, from intellectual property theft to ransomware deployment. Attackers can use valid credentials to remain undetected and bypass standard security measures, making credential-based attacks a significant and ongoing threat to organizations.
By implementing a holistic approach to cloud security, including protecting data, having an identity and access management (IAM) strategy, proactively managing risks, and being ready to respond to a cloud incident, organizations can be better prepared to defend their cloud infrastructure and services and reduce the overall risk of credential-based attacks.
As IBM continues to release leading security reports like its 2024 Cost of a Data Breach report and the 2024 Threat Intelligence Index, this cloud-focused report captures the specific risks businesses face as they continue along their cloud migration journey. For a deeper dive into the latest cloud-related threats and trends, download the 2024 IBM X-Force Cloud Threat Landscape Report.
Want to strengthen your cloud security? Consult with one of our X-Force experts to evaluate your organization's cloud defensive strategies.
You can also register for the webinar, "Are you equipped to handle the evolving cloud threat landscape?", here on Thursday, October 17 at 11:00 EDT.