Evolving cloud threats: Insights and recommendations
IBM X-Force recently released its 2024 Cloud Threat Landscape Report. The report draws on incident data and insights to show how attackers successfully compromise organizations by using adversary-in-the-middle (AITM) attacks to bypass multi-factor authentication (MFA). This often leads to business email compromise (BEC), which IBM X-Force observed as threat actors’ #1 objective when targeting cloud-based environments.
In this Help Net Security video, Austin Zeizel, Threat Intelligence Consultant at IBM X-Force, discusses the cloud threat landscape.
Key findings from the report:
Phishing remains a leading initial access vector: Over the past two years, phishing has accounted for 33% of cloud-related incidents, with attackers often using phishing to harvest credentials through AITM attacks.
BEC attacks go after credentials: BEC attacks, where attackers spoof email accounts posing as someone within the victim organization or another trusted organization, accounted for 39% of incidents over the past two years.
Continued demand for cloud credentials on the dark web despite market saturation: Gaining access via compromised cloud credentials was the second most common initial access vector at 28%. However, overall mentions of SaaS platforms on dark web marketplaces decreased by 20% compared to 2023.
Compliance is a major issue: The #1 security rule failure in 100% cloud-only environments involved improper configuration of essential security and management settings in Linux systems. In environments where 50% or more of the systems are in the cloud, the top failed security rule involved failing to ensure consistent and secure authentication and cryptography practices.