Security News > 2022 > September > Cloud security trends: What makes cloud infrastructure vulnerable to threats?
The X-Force report pulls data from IBM's threat visibility, including X-Force Threat Intelligence data, hundreds of penetration tests, incident response engagements, and data provided by report contributor Intezer between July 2021 and June 2022.
Cloud vulnerabilities are on the rise - Amid a sixfold increase in new cloud vulnerabilities over the past six years, 26% of cloud compromises that X-Force responded to were caused by attackers exploiting unpatched vulnerabilities, becoming the most common entry point observed.
More access, more problems - In 99% of pentesting engagements, X-Force Red was able to compromise client cloud environments through users' excess privileges and permissions.
This type of access could allow attackers to pivot and move laterally across a victim environment, increasing the level of impact in the event of an attack.
Cloud account sales gain grounds in dark web marketplaces - X-Force observed a 200% increase in cloud accounts now being advertised on the dark web, with remote desktop protocol and compromised credentials being the most popular cloud account sales making rounds on illicit marketplaces.
News URL
https://www.helpnetsecurity.com/2022/09/29/cloud-security-trends-cloud-infrastructure-threats-video/
Related news
- Whitepaper: Reach higher in your career with cloud security (source)
- Transforming cloud security with real-time visibility (source)
- Top 5 Cloud Security Automations for SecOps Teams (source)
- Microsoft lost some customers’ cloud security logs (source)
- How AI Is Changing the Cloud Security and Risk Equation (source)
- Strategies for CISOs navigating hybrid and multi-cloud security (source)
- Cloud threats have execs the most freaked out because they're not prepared (source)
- Obsidian Security Warns of Rising SaaS Threats to Enterprises (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Evolving cloud threats: Insights and recommendations (source)