IBM has observed a significant rise in new vulnerabilities related to cloud computing. The number of tracked vulnerabilities has doubled since 2019, reaching close to 3,900 [1]. This increase highlights the growing importance of addressing security concerns in cloud environments.
Description
Between June 2022 and June 2023 [2], IBM identified 632 new vulnerabilities specifically related to cloud computing. This represents a substantial 194% increase compared to the previous year. Of these vulnerabilities [1], over 40% have the potential to enable attackers to obtain sensitive information or gain unauthorized access.
The primary method of compromising cloud environments was through the use of valid credentials by threat actors, accounting for 36% of real-world incidents [2]. This highlights the importance of implementing strong security practices, as poor practices such as storing plaintext credentials on user endpoints and overprivileged service account credentials make it easier for attackers to exploit vulnerabilities.
Other common methods of access include the exploitation of public-facing applications and phishing attacks. It is crucial for organizations to be vigilant in protecting their cloud environments against these threats.
Europe experienced the majority of cloud-based attacks [2], followed by North America [2]. This highlights the need for organizations in these regions to prioritize cloud security measures to mitigate the risk of potential breaches.
Conclusion
The significant increase in cloud-related vulnerabilities underscores the need for organizations to prioritize security measures in their cloud environments. Implementing strong security practices, such as securely storing credentials and regularly updating and patching systems, can help mitigate the risk of attacks.
Furthermore, organizations should invest in employee training and awareness programs to combat phishing attacks and ensure that public-facing applications are regularly monitored and secured.
As cloud computing continues to grow in popularity, it is crucial for organizations to remain vigilant and proactive in addressing security concerns. By doing so, they can protect sensitive information and maintain the integrity of their cloud environments in the face of evolving threats.
References
[1] https://securityintelligence.com/posts/adversaries-use-valid-credentials-compromise-cloud-environments/
[2] https://www.infosecurity-magazine.com/news/cloud-cves-surge-200-in-a-year/
