Shadow IT and misconfigured APIs accounted for the majority of security incidents in the cloud last year, according to a new report from IBM Security X-Force.
The threat intelligence player leveraged multiple data sources, including dark web analytics, penetration test data, incident response cases, and threat intelligence, to compile its 2021 IBM Security X-Force Cloud Threat Landscape Report.
It has become clear that attackers are actively exploiting weaknesses in corporate protection, most of which are caused by human error.
In particular, shadow IT resulted in more than half of the breaches, with systems spun up without complying with corporate security policies. As a result, these systems lacked vulnerability and risk assessments and hardened security protocols.
In addition, two-thirds of the incidents investigated were related to improperly configured APIs.
“APIs without authentication control could potentially allow anyone, including threat actors, to access sensitive information,” said Charles DeBeck, Senior Cyber Threat Intelligence Analyst. “On the other hand, if the API allows too much data, it can be inadvertently disclosed.”
The overall result of these security issues was to enable cryptojacking and ransomware, the top two malware types that account for more than half of cloud breaches.
IBM also noted that the dark web market for public cloud access is thriving and is dominated by ads offering Remote Desktop Protocol (RDP) access to cloud resources (71%).
According to the report, threat actors often jump from on-premises environments to cloud environments. This type of lateral movement accounted for a quarter of the cases X-Force responded to last year.
“Many companies do not have the same level of trust and expertise in configuring security controls in cloud computing environments compared to on-premises, leading to more fragmented and more complex security environments that are difficult to manage,” DeBeck insisted.
“Organizations need to manage their distributed infrastructure as a single environment to eliminate complexity and improve network visibility from the cloud to the edge and vice versa.”
https://www.infosecurity-magazine.com/news/misconfigured-apis-cloud-breaches/ Misconfigured APIs account for two-thirds of cloud breaches