A report finds a third (33%) of the cloud security incidents investigated by IBM Security X-Force researchers involved phishing attacks to steal credentials, followed closely by 28% of incidents that involved attacks where cybercriminals had already obtained some type of valid credential.
Overall, the report suggests that some form of identity theft accounted for more than half (51%) of the cloud incidents investigated.
The third most common cloud incident involved vulnerabilities in public-facing applications at 22%, the report finds.
In terms of actual incident response engagements, however, IBM researchers noted that cloud-hosted instances of Microsoft Active Directory servers accounted for 39% of attacks during the last two years.
Chris Caridi, strategic cyber threat analyst for IBM Security X-Force, said the report makes it clear that cybercriminals continue to rely on well-known tactics and techniques such as phishing attacks, employing info-stealers, scanning for well-known vulnerabilities and targeting Active Directory to compromise cloud computing environments. In the absence of best hygiene practices for ensuring cloud security, it still requires little effort for cybercriminals to compromise cloud computing services, he noted.
In fact, in collaboration with Cybersixgill, a provider of a threat intelligence service, IBM researchers have determined the average cost of a compromised cloud credential that is for sale on the Dark Web is currently $10.23.
The most common attack being launched against cloud services involves some form of business email compromise (BEC) at 39%, followed by attempts to run crypto-mining tools to generate digital currency (22%). The harvesting of credentials and the gaining of access to servers are tied at 11% each.
The IBM report also noted that, in collaboration with Red Hat, researchers determined the top failed security rule in cloud-only environments involved improper configuration of essential security and management settings in Linux systems. In contrast, the top failed security rule in environments where 50% or more of the systems are in the cloud involved the failure to ensure consistent and secure authentication and cryptography practices.
In terms of newly discovered vulnerabilities in cloud computing environments, the report notes that more than a quarter (27%) involved some type of cross-site scripting issue that could be used to either redirect website traffic or harvest access tokens.
Despite all these issues, the overall state of cloud security awareness has improved in recent years, noted Caridi. There is still much work to be done when it comes to understanding how the shared responsibility approach to cloud security needs to work, but more organizations are at the very least aware of the potential threats, he added.
Of course, cybercriminals only need to be successful once to wreak havoc. In addition to securing identities and investing in additional incident response capabilities, IBM researchers noted organizations should integrate security throughout their software development lifecycle (SDLC), ensure data is encrypted, adopt threat modeling, conduct more rigorous testing and embrace automation.
Naturally, those capabilities will require additional levels of investment. However, as the value of the software assets being run in the cloud continues to increase, the total cost of a breach is likely to be considerably higher. The challenge, as always, is convincing senior business and IT leaders that an ounce of prevention is always going to be less expensive than any pound of cure that might eventually be applied later.