September 22, 2023

Valid, compromised account credentials were the initial access vector for more than one in three cloud intrusions last year according to IBM Security X-Force, making it the most common point of entry across all cloud security incidents.

Credentials used as an initial access vector for cloud intrusions jumped from 9% in 2022 to 36% this year, IBM Security X-Force said in its cloud threat landscape report.

The report also found that over 35% of cloud security incidents occurred from attackers’ use of valid, compromised credentials. According to the report, credentials are the most popular asset for sale on dark web marketplaces, accounting for nearly 90% of listings.

The average price for stolen credentials is $10.68. Meanwhile, Microsoft Outlook Cloud credentials were the most popular access for sale on the dark web, representing more than 5 million mentions. Phishing attacks and the exploitation of public-facing applications tied for the second-most prevalent point of entry during the reporting period with each claiming about 14% of all cloud security incidents.

The report also highlights the growing risk of cloud-related vulnerabilities, with X-Force observing a nearly 200% increase in new cloud related CVEs from the prior year. Europe was the hardest-hit region in terms of cloud security incidents, with 64% of the incidents X-Force responded to involving European organizations.

The sources for this piece include an article in CIODIVE.