The IBM security X-Force has presented a security report on Wednesday and it depicts that two-thirds of cloud data breaches happened due to API misconfiguration.
If the configuration of apps, databases, and security policies were correct, then here, these data breaches could have been avoided.
Among the three data breaches, two of the cloud environment were being observed by IBM, and luckily they have been checked by a more robust set of systems.
How hackers are getting into cloud environments?
The hackers proceeded to get access to the cloud data illegitimately, which has now become a big issue, as the threat actor is targetting continuously, therefore IBM delivers a host of all-new data points which will improve the understanding of organizations that are being attacked.
Apart from this, in a cloud environment, the password and policy violations often come from shadow IT. And the X-Force Red discovered that the large majority of their penetration tests into cloud environments in 2021 exposed issues that have one of these two components.
For miners, ransomware, and botnets hackers using cloud environments
Since the hackers are continuously targetting the Cloud environments, that’s why it is one of the desired targets for resource-intensive crypto miners for the threat actors.
There are many more points that attract the threat actors, such as the cloud environment can provide scalable resources and processing power.
Apart from this Cloud environment generally enable attackers to scale attacks and clear all the traces, and the most interesting point is that compromised cloud environments enable them to do it for free.
Recommendations and best practices
After knowing the key details of the breaches, the IBM Security X-Force suggests some recommendations that will surely help the cloud users to overcome such attacks:-
- Always use an open as well as an integrated security approach.
- Always try to implement a zero-trust philosophy, which also includes implementing the virtual network segmentation as it limits access to resources.
- Try to estimate trust relationships between on-premises and cloud environments, because it’s an important part of the security strategy.
- Keep checking and detecting all the capabilities to cloud environments.
- Make sure to use compliance and security posture enforcement tooling to stop common misconfiguration.
- Try to implement cloud web application defenses, which also include controls.
While IBM claims that in 71% of ads listed out of close to 30,000 compromised cloud accounts that were found on sale on the dark web marketplaces, are usually used for criminal purposes, and here the RDP access is always on offer.
However, in one of the new reports of IBM, it was being pronounced that the threat actors still continue investigating in cloud targeting with crypto miners and ransomware maintaining to be the top separated malware into cloud environments.