Security: IBM Traces Two-Thirds of Compromises to Misconfigured APIs
The report draws on a sweeping survey of the dark web and on analysis from several X-Force teams.
TL;DR
On September 16, 2021, IBM Security X-Force released a report that apportions two-thirds of cloud breaches to misconfigured Application Programming Interfaces.

Key Facts
The dark web survey points to a very high volume of trade in access to public cloud environments.
Cloud environment penetration tests by X-Force Red traced some issues to passwords or primary policies.
About half of just over 2,500 vulnerabilities in cloud-deployed applications surfaced in the last 18 months.
Cryptomining and ransomware are listed as the most commonly deployed malware in cloud environments.
Details
Another one for the cyber security category. Security, in general, has been in a dilemma around the world. In the cybersecurity category, there have been direct reports about unfortunate events. Some are extensive surveys and research intended to curb subsequent attempts and reduce the toll of cyber attack victims. This publication corresponds with the latter.
In the last month of Q3 2021, the security wing of global IT hardware manufacturer International Business Machines Corporation (IBM) released a report that apportioned two-thirds of cloud breaches to API misconfigurations. The data covers activity from June 2020 to the end of June 2021.
The conclusion summarizes data contributed by dark web analysts, IBM Security Services metrics, IBM Security X-Force Red penetration testing data, X-Force Threat Intelligence research, and X-Force Incident Response analysis.
By analyzing the dark web, researchers discovered a high volume of transactions for public cloud access, with sellers advertising thousands of cloud accounts and resources. 71% of these were Remote Desktop Protocol access, and in some cases login details for cloud environments cost only a few dollars.
A high percentage of the X-Force Red penetration testing on cloud environments traced problems down to passwords or primary policies. Robust hardening would have been the answer to curbing two-thirds of these breaches.
The number of vulnerabilities in cloud-deployed apps has also increased. From January 2020 to June 2021, over half of the more than 2,500 known vulnerabilities in cloud-deployed applications were revealed. While some of the increase can be ascribed to better tracking, the sharp rise emphasizes the significance of risk management.
APIs were found to be the Achilles heel of most cloud environments. Avoiding misconfigurations is a Herculean task, and threat actors frequently exploit these weaknesses. Two-thirds of these occasions have been tracked down to misconfigured APIs; threat actors have also been moving laterally from on-premises environments to cloud environments.
More than half of breaches to cloud environments occurred because of some form of shadow IT activity. In general, to mitigate cloud security issues, IT organizations should be embracing zero-trust IT architectures, reducing the overall complexity of their cloud environments and continuously testing for vulnerabilities and misconfigurations.
Charles DeBeck, Senior Cyber Threat Intelligence and Strategic Analyst with IBM X-Force Incident Response and Intelligence Services
Some platforms might be able to vouch for their security, and other platforms are undoubtedly flawed. Most cloud platforms are engineered by greenhorn IT practitioners with high chances of misconfiguring an environment.