Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations

Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past year. Improper use of credentials made up the top cause of cloud compromises that X-Force responded to in the past year, reaffirming the need for businesses to double down on hardening their credential management practices.

Based on insights from X-Force threat intelligence, penetration tests, incident response engagements, Red Hat Insights and data provided by report contributor Cybersixgill, between June 2022 and June 2023, some of the key highlights stemming from the report include:

  • Credentials worth a dozen doughnuts — Over 35% of cloud security incidents occurred from attackers’ use of valid, compromised credentials. Making up nearly 90% of assets for sale on dark web marketplaces, credentials’ popularity among cybercriminals is apparent, averaging $10 per listing — or the equivalent of a dozen doughnuts. Microsoft Outlook Cloud credentials accounted for over 5 million mentions on illicit marketplaces — by far the most popular access for sale.
  • “Unkempt” clouds — X-Force observed a nearly 200% increase in new cloud related CVEs from the prior year, now tracking close to 3,900 cloud-related vulnerabilities, a number that has doubled since 2019. Adversaries can advance their objectives significantly by exploiting many of these vulnerabilities with over 40% of new cloud CVEs allowing them to either obtain information or gain access, indicating the strong foothold attackers can establish through these entry points.
  • Europe’s cloudy forecast Sixty-four percent of cloud-related incidents that X-Force responded to during the reporting period involved European organizations. In fact, across all malware that Red Hat Insights observed, 87% was identified in European organizations, highlighting their attractiveness to attackers. It’s possible that the increasing tensions in the region and uptick in deployment of back doors — which was reported in the 2023 X-Force Threat Intelligence Index — could be related to the placing of European cloud environments at the top of the targets observed.
Download the 2023 Cloud Threat Landscape Report

Credentials are no longer credible authenticators

Adversaries continue to wager on improper credential hygiene across enterprises to carry out their attacks. X-Force engagements reveal that, often, credentials with overprivileged access are left exposed on user endpoints in plaintext, creating an opportunity for attackers to establish a pivot point to move deeper into the environment or access highly sensitive information. Specifically, plaintext credentials were located on user endpoints in 33% of X-Force Red’s adversary simulation engagements that involved cloud environments during the reporting period. This upward trend of credential use as an initial access vector — representing 36% of cloud incidents in 2023 compared to 9% in 2022 — highlights the need for organizations to move beyond human-reliant authentications and prioritize technological guardrails capable of securing user identity and access management.

As access to more data across more environments becomes a recurring need, human error continues to present a security challenge. The growing need for more dynamic and adaptive identity and access management can be met with advanced AI capabilities in the market today. For example, IBM Security Verify customers see substantial improvement by leaning on more intuitive authentication processes to calculate risk score based on login patterns, device location, behavior analytics, and other context, and then automatically adapt the login process and verification accordingly.

Organizations lowball their attack surface — stress testing their security is key

The ability to manage the full scope of organizations’ attack surface is key to establishing cyber resilience. However, organizations tend to be more exposed than they realize, often underestimating the potential targets within their environment that can serve attackers’ objectives. Shadow IT and an unmanageable vulnerability debt makes it increasingly challenging for organizations to know where they are most exposed.

According to the X-Force report, nearly 60% of newly disclosed vulnerabilities, if exploited, could allow attackers to obtain information or either gain access or privileges that enable lateral movement through the network. From providing attackers information on how environments are set up to unauthorized authentication that can grant them additional permissions, it’s critical for organizations to know which risks to prioritize — especially when operating with limited resources. To help organizations with this challenge, X-Force Red uses AI for weaponized exploit risk assessment — leveraging the team’s hacker-built automated ranking engine to enrich and prioritize findings based on weaponized exploits and key risk factors such as asset value and exposure.

As organizations focus on better understanding their cloud risk posture, it’s important they combine that knowledge with response readiness by engaging in adversary simulation exercises using cloud-based scenarios to train and practice effective cloud-based incident response. This way, not only can they gain insight into attack paths and objectives an attacker could pursue, but they can also better measure their ability to respond to such attack and contain any potential impact.

If you’re interested in reading the full 2023 X-Force Cloud Threat Report, you can access it here.

You can register for the webinar, “Cloud Threat Landscape Report: Explore Trends to Stay Ahead of Threats,” taking place on Wednesday, September 20 at 11:00 a.m. EDT here.

For more information on X-Force’s security research, threat intelligence and hacker-led insights, visit the X-Force Research Hub.

If you’d like to set up a consult with IBM X-Force, schedule a discovery briefing here.

More from Cloud Security

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

How I got started: Cloud security engineer

3 min read - In today’s increasingly cloud-focused business environment, cloud security engineers are pivotal in protecting an organization’s critical data and infrastructure. As experts in cloud security, they leverage their expertise to ensure that the ever-expanding amount of cloud data is safe from emerging threats and vulnerabilities. Cloud security professionals combine their passion for technology with a deep understanding of security principles to design and implement robust cloud security strategies. What experience do these security experts have, and what led them to the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today