Misconfigured APIs Account for Two-Thirds of Cloud Breaches
Shadow IT and misconfigured APIs accounted for the vast majority of security incidents in the cloud last year, according to a new report from IBM Security X-Force.
The threat intelligence player drew on multiple data sources, including dark web analysis, pen-testing data, incident response cases and threat intelligence to compile the 2021 IBM Security X-Force Cloud Threat Landscape Report.
It revealed that attackers are actively looking to exploit weaknesses in enterprise protection, many of which come about due to human error.
To this end, over half of breaches came about as a result of shadow IT, when systems were spun up without being subject to corporate security policy — and therefore lacked vulnerability and risk assessments and hardened security protocols.
Additionally, two-thirds of the incidents studied involved improperly configured APIs.
“APIs lacking authentication controls can allow anyone, including threat actors, access to potentially sensitive information,” said senior cyber threat intelligence analyst, Charles DeBeck. “On the other side, APIs being granted access to too much data can also result in inadvertent disclosures.”
The overall result of these security issues has been to enable cryptojacking and ransomware, the top two malware types, which accounted for over half of cloud compromises.
IBM also noted a thriving dark web market for public cloud access, dominated by ads offering Remote Desktop Protocol (RDP) access to cloud resources (71%).
The report claimed that threat actors often jump from on-premises to cloud environments. This type of lateral movement accounted for a quarter of incidents X-Force responded to last year.
“Many businesses don’t have the same level of confidence and expertise when configuring security controls in cloud computing environments compared to on-premises, which leads to a fragmented and more complex security environment that is tough to manage,” DeBeck argued.
“Organizations need to manage their distributed infrastructure as one single environment to eliminate complexity and achieve better network visibility from cloud to edge and back.”