Misconfigured APIs Account for Two-Thirds of Cloud Breaches
Shadow IT and misconfigured APIs accounted for the vast majority of security incidents in the cloud last year, according to a new report from IBM Security X-Force.
The threat intelligence player drew on multiple data sources, including dark web analysis, pen-testing data, incident response cases and threat intelligence to compile the 2021 IBM Security X-Force Cloud Threat Landscape Report.
It revealed that attackers are actively looking to exploit weaknesses in enterprise protection, many of which come about due to human error.
Over half of breaches came about as a result of shadow IT, where systems were spun up without being subject to corporate security policy and therefore lacked vulnerability and risk assessments and hardened security protocols.
Additionally, two-thirds of the incidents studied involved improperly configured APIs.
“APIs lacking authentication controls can allow anyone, including threat actors, access to potentially sensitive information,” said senior cyber threat intelligence analyst, Charles DeBeck. “On the other side, APIs being granted access to too much data can also result in inadvertent disclosures.”
The overall result of these security issues has been to enable cryptojacking and ransomware, the top two malware types, which accounted for over half of cloud compromises.
IBM also noted a thriving dark web market for public cloud access, dominated by ads offering Remote Desktop Protocol (RDP) access to cloud resources (71%).
The report claimed that threat actors often jump from on-premises to cloud environments. This type of lateral movement accounted for a quarter of incidents X-Force responded to last year.
“Many businesses don’t have the same level of confidence and expertise when configuring security controls in cloud computing environments compared to on-premises, which leads to a fragmented and more complex security environment that is tough to manage,” DeBeck argued.
“Organizations need to manage their distributed infrastructure as one single environment to eliminate complexity and achieve better network visibility from cloud to edge and back.”