Security News > 2022 > September > Cloud security trends: What makes cloud infrastructure vulnerable to threats?
The X-Force report pulls data from IBM's threat visibility, including X-Force Threat Intelligence data, hundreds of penetration tests, incident response engagements, and data provided by report contributor Intezer between July 2021 and June 2022.
Cloud vulnerabilities are on the rise - Amid a sixfold increase in new cloud vulnerabilities over the past six years, 26% of cloud compromises that X-Force responded to were caused by attackers exploiting unpatched vulnerabilities, becoming the most common entry point observed.
More access, more problems - In 99% of pentesting engagements, X-Force Red was able to compromise client cloud environments through users' excess privileges and permissions.
This type of access could allow attackers to pivot and move laterally across a victim environment, increasing the level of impact in the event of an attack.
Cloud account sales gain grounds in dark web marketplaces - X-Force observed a 200% increase in cloud accounts now being advertised on the dark web, with remote desktop protocol and compromised credentials being the most popular cloud account sales making rounds on illicit marketplaces.
News URL
https://www.helpnetsecurity.com/2022/09/29/cloud-security-trends-cloud-infrastructure-threats-video/
Related news
- Exposing the top cloud security threats (source)
- Harnessing the Power of CTEM for Cloud Security (source)
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- The first steps of establishing your cloud security strategy (source)
- eBook: Cloud security skills (source)
- Building a strong cloud security posture (source)
- The Fundamentals of Cloud Security Stress Testing (source)
- 7 Best Cloud Security Posture Management (CSPM) Tools for 2024 (source)
- Cloud security incidents make organizations turn to AI-powered prevention (source)
- UK businesses shockingly unaware of how to handle security threats (source)