Report: Cloud credentials are top sellers on the darknet

09/18/2023 Darknet News

Many businesses moved to the cloud in 2020 in an effort to adapt their infrastructure to a pandemic-affected world. According to recently released IBM research, the shift brought both new commercial prospects and new security dangers.

The cloud is now the major target of cybercriminals looking to sell logins to script kiddies on dark web markets, according to IBM X-Force, Big Blue’s platform for sharing and researching threat intelligence. Nearly 90% of the digital commodities sold on darknets nowadays are stolen cloud credentials, and they are also incredibly inexpensive.

The most recent IBM X-Force Cloud Threat Landscape Report examined “real world” cloud cyber-security incidents to which IBM responded over a 12-month period, gathering data from threat intelligence, pentests, and dark web analysis (conducted in collaboration with Cybersixgill). The COVID-19 outbreak prompted businesses to embrace cloud infrastructures quickly, but the same cannot be said for a proper, cloud-specific security posture.

On the other hand, according to John Dwyer, head of research at X-Force, thieves alter their tools and techniques more quickly as they look for the most effective approach to enter networks. Because of their quick proliferation and complicated technology, cloud services are becoming an increasingly important part of this access.

These days, stolen cloud credentials are also quite affordable; in Dwyer’s words, they can be bought “for the same price as some donuts.” The majority of businesses also make use of multiple cloud services, which adds to the complexity and security risk. Over the course of a 13-month period, X-Force examined 632 new cloud-related CVE-tracked vulnerabilities, a staggering 194% rise from the previous year.

Surprisingly few security problems were found in 2022 (about 200), whereas the flaws listed in the most recent study are practically on par with the numbers found in 2021. This year’s problems were more hazardous, however, because roughly 60% of them could give hackers successful access to data, user privileges, or login credentials.

On user endpoint systems, X-Force also found an appalling number of unencrypted passwords (33%), which were undoubtedly connected to the cloud-related incidents IBM examined. According to X-Force, valid credentials are now the most frequent initial access vector in cloud security breaches, having been (ab)used in 36% of all instances.

The research makes recommendations for what businesses can do to reduce the risks associated with the cloud. Best practices for endpoint security are equally applicable to cloud environments, and network segmentation to limit access to sensitive resources could be very helpful. Businesses should therefore adopt a “zero-trust approach” to security that includes multi-factor authentication, contemporary identity and access management, and requirements that users refrain from reusing usernames and passwords.