In 2017, most security incidents in the cloud were caused by shadow IT or misconfigured APIs, says a new report from IBM Security X-Force. For the IBM X-Force Cloud Threat Landscape Report 2021, X-Force gathered four sets of data: dark web analysis, penetration-test results, incident investigation reports and threat intelligence. Most of these weaknesses are created by human error, and attackers are actively attempting to exploit them. The majority of breaches are a direct result of shadow IT, which leads to systems being deployed without being subject to corporate security policies – and therefore without robust vulnerability and risk assessments.
The researchers also found that two-thirds of the incidents were a result of incorrect API configuration. “APIs lacking authentication controls may provide access to potentially sensitive information to anyone, including malware,” said Charles DeBeck, co-founder of ThreatAlarm. Exposing too much data through APIs also puts organizations at risk of inadvertent disclosure. Crypto-jacking and ransomware, the top two malware types deployed through these security issues, were responsible for over half of all cloud compromises. Dark web ads offering Remote Desktop Protocol (RDP) access to cloud resources (71%) dominate the dark web market for public cloud access, IBM noted.
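The API weakness described above (operations reachable without any authentication control) is something a defender can check for before deployment. The following is an added example, not code from the report or from IBM: it walks an OpenAPI 3 document and lists every operation that no security requirement protects, including the edge case where an operation opts out of a global requirement with `security: []`. The spec embedded here is a constructed sample.

```python
"""Flag API operations exposed without authentication in an OpenAPI 3 document.

Added example (not from the IBM report): it checks for the kind of weakness the
report describes, APIs lacking authentication controls, by walking a spec and
listing every operation that no security requirement covers.
"""
import json

# Constructed sample spec: global bearer auth, one operation that inherits it,
# and two operations that explicitly opt out of it with `security: []`.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "security": [{"bearerAuth": []}],
  "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
  "paths": {
    "/customers": {"get": {"summary": "List customers"}},
    "/export": {"get": {"summary": "Bulk export", "security": []}},
    "/health": {"get": {"summary": "Liveness", "security": []}}
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def unauthenticated_operations(spec):
    """Return (METHOD, path) pairs that no security requirement covers.

    In OpenAPI, an operation-level `security` overrides the global one, and an
    empty list (`security: []`) explicitly removes authentication. A requirement
    object that is itself empty ({}) makes authentication optional, which for
    this check counts as unprotected.
    """
    global_security = spec.get("security", [])
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            # Path items also carry keys like "parameters" or "summary"; skip them.
            if method.lower() not in HTTP_METHODS:
                continue
            effective = op.get("security", global_security)
            if not effective or any(req == {} for req in effective):
                findings.append((method.upper(), path))
    return findings


if __name__ == "__main__":
    for method, path in unauthenticated_operations(SAMPLE_SPEC):
        print(f"UNAUTHENTICATED {method} {path}")
```

Deliberately public operations such as a liveness probe will also be listed; the point of the check is that each such exposure is a reviewed decision rather than an accident.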
The report claimed that threat actors often jump from on-premises to cloud environments. This type of lateral movement accounted for a quarter of the incidents X-Force responded to last year.
Cloud computing environments tend to be more fragmented and complex than on-premises environments, and many businesses lack the same level of security expertise and confidence in them. For organizations to achieve better network visibility from cloud to edge and back, they must manage their distributed infrastructure as a single environment.