Dive Brief:

  • Valid, compromised account credentials were the initial access vector for more than 1 in 3 cloud intrusions observed by IBM Security X-Force during the last year, making them the most common point of entry across all cloud security incidents.
  • Credentials used as an initial access vector for cloud intrusions jumped from 9% in 2022 to 36% this year, IBM Security X-Force said Wednesday in its cloud threat landscape report.
  • The research revealed credentials with over-privileged access are often left exposed, creating an opportunity for attackers to establish a pivot point to move deeper into their targets’ cloud environments. IBM discovered plaintext credentials on one-third of user endpoints it reviewed during the one-year period ending in June.

Dive Insight:

The upward trend of credential use as an initial access vector highlights the need for organizations to move beyond human-reliant authentication.

“Adversaries continue to wager on improper credential hygiene across enterprises to carry out their attacks,” IBM Security X-Force researchers said in a blog.

Valid, compromised credentials are also a hot commodity in the cybercrime marketplace, accounting for the vast majority, almost 90%, of assets for sale on the dark web, the report found.

The average price for these credentials was $10.68 a pop. That’s the equivalent of a dozen donuts, IBM said.

Microsoft Outlook Cloud credentials were the most popular access for sale on the dark web, representing more than 5 million mentions, according to IBM.

Phishing attacks and the exploitation of public-facing applications tied for the second-most prevalent point of entry during the reporting period, with each claiming about 14% of all cloud security incidents.