A new report from IBM said that elevated permissions and role identities in the cloud are present in nearly all successful compromises performed by the company’s X-Force Red penetration testing team.

Excess privilege granted to cloud identities is a key component in 99% of all security tests performed by IBM’s X-Force Red penetration testing team, according to a report released Wednesday by the company.

Both human users and service accounts were consistently found to have more access rights and privileges than they generally need, which makes exploiting a successful breach in a cloud system much easier than it would otherwise be, the report said.

“This setup enabled attackers who managed to get a foothold in the environment to pivot and move laterally to exploit additional cloud components or assets,” according to the report.

That’s bad news for the cloud sector, which also saw a 200% increase in the number of compromised accounts being sold on the dark web, and an increase in the average severity score of vulnerabilities found in cloud systems, IBM said. That severity score, which is based on CVSS, rose to an average of 18 in the latest report, up from 15 ten years ago.

“It stands to reason that as the number of available cloud-based applications rises, more cloud-related vulnerabilities will be disclosed, which increases the overall attack surface for cloud environments,” the report said.

Cloud security lapses lead to cryptojacking, ransomware

The total number of cloud-based vulnerabilities also increased substantially over the course of the past year, the report’s authors added, with 28% growth. The most common malware deployed on compromised cloud systems was cryptojacking and ransomware, although data exfiltration and extortion attacks were also seen.
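The report’s central finding, that cloud identities routinely hold far more permissions than they use, is something a defender can check mechanically before a tester or an intruder does. The following is an added example, not code from IBM, X-Force or the report: a small linter for AWS-style IAM policy documents that flags the patterns an over-privileged identity usually shows (full or service-wide wildcard actions, NotAction grants, Resource “*”, and actions that let a principal expand its own access). The three policy documents and the severity labels are constructed for the example, and the set of escalation-capable actions is an assumption for illustration, not an exhaustive catalogue.

```python
"""Flag over-privileged statements in AWS-style IAM policy documents.

Added example, not IBM's or X-Force's code. The policy documents below are
constructed samples; the severity labels are this script's own convention,
not a CVSS or X-Force metric.
"""
from __future__ import annotations

import json
from typing import Any

# Actions that let a principal grant itself or others more access.
# Assumption for the example: a short illustrative list, not a complete one.
PRIVILEGE_ESCALATION_ACTIONS = {
    "iam:*", "iam:passrole", "iam:attachrolepolicy", "iam:putrolepolicy",
    "iam:createpolicyversion", "iam:attachuserpolicy", "sts:assumerole",
}


def _as_list(value: Any) -> list:
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_scope(action: str) -> str:
    """Classify one action: 'all' for '*', 'wildcard' for svc:* or s3:Get*, else 'single'."""
    if action.strip() == "*":
        return "all"
    if "*" in action:
        return "wildcard"
    return "single"


def find_overly_broad_statements(policy: dict) -> list[dict]:
    """Return one finding per over-broad pattern found in Allow statements."""
    findings: list[dict] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect", "Allow") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{idx}]")
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        resources = _as_list(stmt.get("Resource"))

        if "NotAction" in stmt:
            findings.append({"sid": sid, "severity": "high",
                             "reason": "NotAction grants everything except the listed actions"})
        if any(_action_scope(a) == "all" for a in actions):
            findings.append({"sid": sid, "severity": "critical",
                             "reason": "Action '*' grants full administrative access"})
        elif any(_action_scope(a) == "wildcard" for a in actions):
            findings.append({"sid": sid, "severity": "high",
                             "reason": "wildcard action covers a whole service or action family"})
        if "*" in resources and actions:
            findings.append({"sid": sid, "severity": "medium",
                             "reason": "Resource '*' applies the actions to every resource"})
        escalators = sorted(a for a in actions if a in PRIVILEGE_ESCALATION_ACTIONS)
        if escalators:
            findings.append({"sid": sid, "severity": "high",
                             "reason": "privilege-escalation capable actions: " + ", ".join(escalators)})
    return findings


def audit(policies: dict[str, dict]) -> dict[str, list[dict]]:
    """Run the linter over a named set of policies."""
    return {name: find_overly_broad_statements(p) for name, p in policies.items()}


# Constructed sample policies (not from the report).
ADMIN_USER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowEverything", "Effect": "Allow", "Action": "*", "Resource": "*"}],
}

SCOPED_SERVICE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadOneBucket",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}

DEPLOYER_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PassAnyRole", "Effect": "Allow",
         "Action": ["iam:PassRole", "lambda:UpdateFunctionCode"], "Resource": "*"},
        {"Sid": "DenyBucketDelete", "Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    report = audit({"admin-user": ADMIN_USER_POLICY,
                    "scoped-service-account": SCOPED_SERVICE_POLICY,
                    "deployer-role": DEPLOYER_ROLE_POLICY})
    print(json.dumps(report, indent=2))
```

Run as a script it prints a JSON report; the scoped service-account policy produces no findings, while the admin user and the deployer role each produce two. The useful property for a team is that the same function can run in CI against every policy in a repository and fail the build on a “critical” finding, which catches the wildcard grants long before a penetration test or a real intrusion relies on them.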
Cryptojacking—essentially cryptocurrency mining with malicious or criminal intent—is a particularly attractive activity for malicious hackers targeting the cloud, according to IBM, for several reasons, including the ability to transfer the costs of mining onto the victim, the perceived lack of vigilance over cloud services as compared to on-premises systems, and the presence of known vulnerabilities in cloud computing.

Along with misconfigurations, which remain a common way in for malicious hackers, two major vulnerabilities proved significantly attractive as targets for bad actors going after cloud systems. The Log4j vulnerability—an exploitable flaw in an Apache library that is widely used by cloud service providers—was heavily targeted by ransomware groups like NightSky and Conti, as well as several families of Linux-based cryptomining malware, including Monero, B1txor20, Mirai and more.

“Our [incident reporting] experience reflects that threat actors have significant and growing cloud expertise,” the report said. “With few exceptions, these threat actors operate unconstrained by a client’s cloud hosting preferences, rules of law or any physical geographic boundaries.”