Summary: Weak credentials and misconfigurations in cloud systems were responsible for 75% of network intrusions in the first half of 2024, according to Google Cloud’s Threat Horizons Report.
Threat Actor: N/A
Victim: N/A
Key Point :
- Weak or no credentials accounted for 47% of cloud environment attacks, while misconfigurations were the initial access vector for 30% of attacks.
- This marks a slight decrease from the second half of 2023, where weak or no credentials were responsible for 51% of attacks.
- Misconfigurations as an initial access vector saw a significant jump from 17% in the second half of 2023 to 30% in the first half of 2024.
Dive Brief:
- Weak credentials and misconfigurations across cloud systems were at the root of 3 in 4 network intrusions during the first half of 2024, Google Cloud said Wednesday in its latest Threat Horizons Report.
- Google Cloud said systems with weak or no credentials were the top initial access vector, accounting for 47% of cloud environment attacks during the first six months of the year. That’s a slight decrease from the second half of 2023 when weak or no credentials were at the root of 51% of attacks, according to Google Cloud.
- Misconfigurations were the initial access vector for 30% of all cloud environment attacks during the first half of 2024, marking a significant jump from 17% in the second half of 2023.
Dive Insight:
Poor identity governance is a chronic condition that cybersecurity professionals, threat hunters and incident response firms have been sounding the alarm over for years.
Legitimate credentials were at the root of a spree of attacks in April targeting more than 100 Snowflake customer environments, resulting in massive data breaches at AT&T, Advance Auto Parts, Pure Storage and other organizations.
Snowflake customers’ credentials were obtained from multiple infostealer malware infections on non-Snowflake owned systems, according to the cloud-based data warehouse vendor and Mandiant. Impacted customer accounts were not configured with multifactor authentication, Mandiant’s investigation found.
Dozens of companies recovering from data theft, extortion demands and advertisements for the sale of allegedly stolen data on the dark web remain mostly shrouded in mystery.
A ransomware attack snarled the U.S. healthcare industry for months earlier this year when an attacker used stolen credentials for a Citrix remote access server to gain access to systems used by Change Healthcare, a subsidiary of UnitedHealth Group. The Citrix portal did not have MFA turned on.
“Weak or no credentials remained a key driver of initial access, accounting for the most frequent successful vector and the second most commonly seen trigger for detection rules,” Google Cloud said in the report.
The identity challenge confronting enterprises is persistent. The Cybersecurity and Infrastructure Security Agency pinned more than half of all attacks on critical infrastructure networks and state and local agencies on valid account credentials in 2022.
In almost 40% of ransomware attacks Mandiant responded to last year, cybercriminals used legitimate credentials or brute-force attacks to gain initial access to victim environments.
IBM X-Force’s annual Threat Intelligence Index report found valid account compromises accounted for almost one-third of global cyberattacks last year, making it the most-common initial access vector for attacks in 2023.
Source: https://www.cybersecuritydive.com/news/cloud-attacks-weak-credentials/721573
“An interesting youtube video that may be related to the article above”