Home SecurityCloud Security Excess privilege in the cloud is a universal problem, IBM says

Excess privilege in the cloud is a universal problem, IBM says

Source Link

Excess privilege granted to cloud identities is a key component in 99% of all security tests performed by IBM’s X-Force Red penetration testing team, according to a report released Wednesday by the company.

Both human users and service accounts were consistently found to have more access rights and privileges than they generally need, which makes exploiting a successful breach in a cloud system much easier than it would otherwise be, the report said.

“This setup enabled attackers who managed to get a foothold in the environment to pivot and move laterally to exploit additional cloud components or assets,” according to the report.

That’s bad news for the cloud sector, which also saw a 200% increase in the number of compromised accounts being sold on the dark web, and an increase in the average severity score of vulnerabilities found in cloud systems, IBM said. That severity score, which is based on CVSS, rose to an average of 18 in the latest report, up from 15 ten years ago.

“It stands to reason that as the number of available cloud-based applications rises, more cloud-related vulnerabilities will be disclosed, which increases the overall attack surface for cloud environments,” the report said.

Cloud security lapses lead to cryptojacking, ransomware

The total number of cloud-based vulnerabilities also increased substantially over the course of the past year, the report’s authors added, with 28% growth. The most common malware deployed as a result of compromised cloud systems was cryptojacking and ransomware, although data exfiltration and extortion attacks were also seen.

Copyright © 2022 IDG Communications, Inc.

Related Articles

Leave a Comment