IBM Security Services today published a report detailing a raft of issues pertaining to cloud security, including the fact that there are nearly 30,000 cloud accounts potentially for sale on dark web marketplaces.

The report is based on dark web analysis, IBM Security X-Force Red penetration testing data, IBM Security Services metrics, X-Force Incident Response analysis and X-Force Threat Intelligence research.

The report found advertisements for tens of thousands of cloud accounts and resources for sale. Prices generally range from a few dollars to over $15,000 per account for access credentials depending on the amount of cloud resources that might be made accessible. On average, the price tag for cloud access rose an extra $1 for every $15 to $30 in credit the account held. Therefore, an account with $5,000 in available credit would be worth about $250, the report surmised.

In 71% of cases, threat actors offered access to cloud resources via the remote desktop protocol (RDP). X-Force Red found that 100% of their penetration tests into cloud environments in 2021 uncovered issues with either passwords or policy violations. Two-thirds of cloud breaches would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems, the report noted.

More troubling still, IBM research indicates that vulnerabilities in cloud applications are growing, totaling more than 2,500 vulnerabilities for a 150% increase in the last five years. Almost half of the more than 2,500 disclosed vulnerabilities in cloud-deployed applications recorded to date were disclosed in the last 18 months.

The report also notes two-thirds of the incidents analyzed involved improperly configured application programming interfaces (APIs), mainly involving misconfigured API keys that allowed improper access. API credential exposure through public code repositories frequently resulted in access into cloud environments as well, the report noted.

API Security in Action