With a little attention to detail and a strong password policy, many organizations could significantly tighten up their security posture, a new report suggests.
Technology powerhouse IBM recently published a paper, based on research conducted by its cybersecurity team X-Force, which claims that two in three cloud breaches occurred as a result of an API misconfiguration.
The researchers also found that many virtual machines were running with default security settings and were therefore exposed to the internet.
Misconfigurations aside, weak password policies also played a major role in many successful data breaches. In the “vast majority” of cloud penetration tests, the researchers found password and policy violations, it was said.
What’s more, IBM spotted “significant growth” in the severity and number of vulnerabilities in cloud-deployed applications. The number of vulnerabilities found in cloud applications has risen by 150 percent since 2016.
According to the report, there are almost 30,000 compromised cloud accounts for sale on the dark web. They are also incredibly cheap, IBM added, with Remote Desktop Protocol accounting for 70 percent of all cloud resources for sale.
With these credentials, criminals could easily automate their access to cloud environments. And in most scenarios, this access is used to either set up cryptominers or inject ransomware.
- Keep your organization safe with the best business antivirus right now