New research has come out suggesting that two-thirds of cloud security incidents could have been avoided if the apps, databases, and security policy configurations were done properly. A lot of configuration mistakes or lack of secure policies make companies vulnerable.
IBM Security X-Force published its latest Cloud Security Threat Landscape report on Wednesday. It spans the second quarter of 2020 through to this year’s Q2.
The research shows that two out of three breached cloud environments would have likely been kept safe if the systems were hardened, through the proper implementation of security policies and timely patch application.
What the team found
While sampling scanned cloud environments, the X-Force Red team did penetration tests and found other credential and policy-related issues. IBM says that the two elements could be attributed to initial infection vectors for organizations, including password spraying, pivoting from on-premises infrastructure, and improperly configured assets.
IBM added that API configuration and security issues, accessing confidential data, and remote exploitation were common ways for attackers to take advantage of less-than-stellar security in cloud environments.
The researchers believe that over half of the breaches are attributable to shadow IT, which may include apps and services not managed or controlled by central IT teams.
A disturbing undercurrent
The public cloud initial access market continues to grow, spurred on by misconfigurations, oversight in securing cloud environments, and API errors & exposure. IBM says that in 71% of ads listed (out of a sample of 30,000), Remote Desktop Protocol (RDP) access is on offer for criminal use.
In some cases, cloud environment access sells for a few dollars. Depending on the perceived value of the target, the prices change and could reach thousands of dollars.
IBM’s report also says that there has been an increase in vulnerabilities affecting cloud apps, with close to half of 2,500 reported bugs disclosed in the past 18 months.