Cloud security trends: What makes cloud infrastructure vulnerable to threats?

In this Help Net Security video, Chris Caridi, Strategic Cyber Threat Analyst at IBM X-Force, talks about the findings of the latest IBM Security X-Force Cloud Security Threat Landscape Report.

The X-Force report pulls data from IBM’s threat visibility, including X-Force Threat Intelligence data, hundreds of penetration tests, incident response engagements, and data provided by report contributor Intezer between July 2021 and June 2022.

Key highlights include:

Cloud vulnerabilities are on the rise – Amid a sixfold increase in new cloud vulnerabilities over the past six years, 26% of cloud compromises that X-Force responded to were caused by attackers exploiting unpatched vulnerabilities, becoming the most common entry point observed.

More access, more problems – In 99% of pentesting engagements, X-Force Red was able to compromise client cloud environments through users’ excess privileges and permissions. This type of access could allow attackers to pivot and move laterally across a victim environment, increasing the level of impact in the event of an attack.

Cloud account sales gain grounds in dark web marketplaces – X-Force observed a 200% increase in cloud accounts now being advertised on the dark web, with remote desktop protocol and compromised credentials being the most popular cloud account sales making rounds on illicit marketplaces.