Attackers sneak past security tools with login credentials

Security tools are often no obstacle for hackers due to misconfigured cloud environments. Moreover, misconfigurations produce many error messages in security tools, distracting security teams from the real dangers.

About 47 percent of error messages on Microsoft Azure result from storage account misconfigurations. Nearly 44 percent of Google Cloud users scored a failing check, mainly due to a lack of customer-specific encryption. S3 controls accounted for 30 percent of the errors at AWS. The most common cause was a lack of MFA.

The numbers and findings come from the Elastic Global Threat Report 2024. The report from Elastic Security Labs relies on observations from more than one billion data points.

Attackers log in

In addition to generating error messages that create work for security teams, such misconfigurations are entry points for hackers. Attackers abuse the misconfigurations to get in with login credentials. They then go undetected because security tools do not flag the activity as suspicious. About 23 percent of intrusions into cloud environments happen with legitimate login credentials.

This entire problem was already painfully obvious in the data breach at Ticketmaster. Back then, we wrote an extensive blog post about attackers’ shifting modus operandi and their need to break into digital environments less and less.

‘Security policies must change’

“Attackers are increasingly focusing on abusing security tools and investing in collecting legitimate login credentials to achieve their goals. This highlights the need for organizations to have well-aligned security capabilities and policies,” concludes Jake King, Head of Threat and Security Intelligence at Elastic.

The challenge lands on the plate of security teams, who are struggling with understaffing and underfunding. Currently, they do not find the time to monitor new threats and dangers or to make their organization resilient against them.
