IBM Security Global Forum

 View Only

New X-Force Cloud Threat Landscape 2023 Report

By Sarah Villavicencio posted Wed September 13, 2023 01:45 PM


Organizations are continuing to grapple with evolving and expanding cloud security threats. Understanding the cloud threat environments is critical. The new IBM 2023 Cloud Threat Landscape Report analyzes real-world cloud cybersecurity incidents over the past 12 months, identifies the top threats cloud environments face, and provides best practices that can help organizations stay safe.

Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past year. Improper use of credentials made up the top cause of cloud compromises that X-Force responded to in the past year, reaffirming the need for businesses to double down on hardening their credential management practices.

Based on insights from X-Force threat intelligence, penetration tests, incident response engagements, Red Hat Insights and data provided by report contributor Cybersixgill, between June 2022 and June 2023, some of the key highlights stemming from the report include:

  • Credentials worth a dozen doughnuts — Over 35% of cloud security incidents occurred from attackers’ use of valid, compromised credentials. Making up nearly 90% of assets for sale on dark web marketplaces, credentials’ popularity among cybercriminals is apparent, averaging $10 per listing — or the equivalent of a dozen doughnuts. Microsoft Outlook Cloud credentials accounted for over 5 million mentions on illicit marketplaces — by far the most popular access for sale.
  • “Unkempt” clouds — X-Force observed a nearly 200% increase in new cloud related CVEs from the prior year, now tracking close to 3,900 cloud-related vulnerabilities, a number that has doubled since 2019. Adversaries can advance their objectives significantly by exploiting many of these vulnerabilities with over 40% of new cloud CVEs allowing them to either obtain information or gain access, indicating the strong foothold attackers can establish through these entry points.
  • Europe’s cloudy forecast  Sixty-four percent of cloud-related incidents that X-Force responded to during the reporting period involved European organizations. In fact, across all malware that Red Hat Insights observed, 87% was identified in European organizations, highlighting their attractiveness to attackers. It’s possible that the increasing tensions in the region and uptick in deployment of back doors — which was reported in the 2023 X-Force Threat Intelligence Index — could be related to the placing of European cloud environments at the top of the targets observed.

To get more insight from this year's report, or dig into these further, register for the webinar on 9/20 or download the full report.