IBM Report Offers Glimpse Into Dark Web Credential Trafficking

Cloud breaches aren’t going away any time soon.

For today’s enterprise organizations, operating within the cloud is table stakes. It’s faster, more scalable and cost-effective than your grandma’s service oriented architecture (SOA).

However, companies new to the cloud, or those that’ve been there for a while, may not realize the floodgate of security risks that comes with the cloud’s increased flexibility. Like a tourist unknowingly venturing into a city’s most dangerous neighborhood, they don’t see the cybercriminals around the corner waiting to pounce on valuable company assets.

A new Report from IBM details how hackers are feasting on vulnerable cloud environments, and offers a troubling look at how these stolen resources are trafficked on the dark web. (Picture a farmer’s market, but replace the locally grown carrots and beets with login credentials and other sensitive information.) Here are some eye-opening insights gleaned from the data in the report, gathered from Q2 2020 to Q2 2021.

Unforced errors

More than two-thirds of cloud breaches were simply a case of companies leaving the door open. Specifically, attackers took advantage of misconfigured APIs and default security settings that rendered virtual machines and other cloud tools defenseless. Passwords proved troublesome as well: 100 percent of cloud environments studied had violated password and security policies.

Thank you for shopping at Dark Web Depot

According to IBM’s report, upwards of 30,000 account credentials were up for grabs on the dark web. Some were going for a few dollars, others for as much as $15,000. Many of the sellers operated like your average big-box retailer, offering 1–2 week refunds if buyers couldn’t access the cloud environment with the credentials they purchased.

Keeping up with the times

Cryptominers and ransomware were the most common types of malware used to attack cloud environments, comprising more than half of the breaches in the report. Penetration testing revealed that threat actors updated old malware to key in on Docker containers and developed new malware written in cross-platform programming languages.

It also doesn’t appear that cloud breaches are slowing down any time soon: publicly disclosed attacks of cloud applications have increased by more than 150 percent over the last five years.

Clearly, the latest wave of malware is all-in on cloud vulnerability. Is your company all-in on cloud security?

Deduce safeguards your customers from account takeover fraud. Activate your free trial here, and see how Deduce can bring cloud conspirators back down to earth.