Cloud CVEs Surge 200% in a Year

IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report from the tech giant.

The IBM X-Force Cloud Threat Landscape Report 2023 was compiled from the firm’s threat intelligence, incident response engagements and pen tests, alongside dark web analysis, input from Cybersixgill and the Red Hat Insights service.

The latest haul of new CVEs brings the total number tracked by the vendor to 3900, a number that has apparently doubled since 2019.

It revealed that just over 40% of the CVEs discovered during the current reporting period could allow an attacker to obtain information (21%) or gain access (20%).

However, the top initial access vector for cloud compromise during the period was the use of valid credentials by threat actors. This happened in 36% of real-world cloud incidents, with credentials either discovered during an attack or stolen prior to targeting a specific victim, the report noted.

Read more on cloud threats: Cloud Email Threats Soar 101% in a Year

The figure is up significantly from the 9% of incidents that featured compromised credentials in 2022. IBM analyst Chris Caridi argued it “highlights the need for organizations to move beyond human-reliant authentications and prioritize technological guardrails capable of securing user identity and access management.”

Poor security practices are making matters far easier for attackers than they should be. The X-Force team found plaintext credentials located on user endpoints in a third (33%) of engagements involving cloud environments.

“In particular, there was a high frequency of service account credentials stored on endpoints, and many were overprivileged,” the report explained. “Excessively privileged users can be defined as those who have more permissions than they need to do their job or task.”

In joint second place as the next most common access vectors were exploitation of public-facing applications and phishing and spear phishing, which accounted for 14% each of engagements.

Although all regions suffered cloud-based attacks, Europe accounted for the vast majority (64%) followed by North America at 29%. Red Hat Insights data supported these findings, revealing that European organizations accounted for 87% of malware scans, followed by North America at 12%.