RESEARCH TRIANGLE PARK – In a different take on “insider threat,” IBM says soaring misuse of legitimate credentials is a growing danger to cloud computing.
Blame the problem on legitimate credentials being offered for sale on the “dark web.”
“Cloud is still a hot commodity on the dark web,” the report says. “Credentials comprised nearly 90% of cloud assets for sale on the dark web during the reporting period.”
Theyr’e not expensive, either.
“The average price for these credentials was USD 10.68, representing a slight decrease from the previous reporting period,” IBM says.
In the report, IBM reports a 194% increase in new could-related “common vulnerabilities
and exposures,” or CVEs, from a year ago.
IBM, along with Raleigh-based Red Hat which IBM owns, have made cloud computing a key pillar in its future growth plans.
Here are highlights from the report:
- Misuse of legitimate credentials plagues the cloud landscape
– [Incident response] data indicates that the use of valid credentials was the most common initial
access vector in cloud security incidents, occurring in 36% of cases.
– The [IBM] X-Force team discovered plaintext credentials located on user endpoints in 33% of engagements involving cloud environments.
- Container security concerns are on the rise
– The X-Force Red team reported a large uptick in custom resource definition use in organizations’ Kubernetes clusters, which can become security concerns if implemented poorly or without the appropriate level of security-inclusive development processes.
- Key takeaways
– Vulnerabilities are increasingly being discovered and disclosed
– The X-Force team tracked 632 new cloud-related common vulnerabilities and exposures (CVEs) during the reporting period. This number is a 194% increase from the prior year. The impact felt by the exploitation of these CVEs is varied
– Just over 40% of the CVEs discovered during the reporting period could allow an attacker to either obtain information (21%) or gain access (20%).