IBM Finds Cloud Credentials Sell For Only Dollars In ‘Booming’ Dark Web Market


Cyberattacks have increased in both frequency and severity, but it’s not just because malicious actors are improving their game (although they are doing a lot of that). Many cybersecurity veterans feel that the effective solutions the industry has come up with over the years are not being fully used, and now a new report from IBM sheds light on the ways companies are leaving the door wide open. It also details a “booming” dark web market for compromised cloud accounts, where some credentials sell for a few dollars.

The X-Force 2021 Cloud Security Threat Landscape Report, released today, found that two out of three breaches in the cloud environments studied were caused by incorrectly configured APIs. The team also observed virtual machines with default security settings that were erroneously exposed to the Internet, including misconfigured platforms and insufficiently enforced network controls. Additionally, researchers found password and policy violations, such as unchanged default credentials, weak passwords, and shadow IT, in 100% of cloud penetration tests conducted over the past year.

Overall, the report concludes that fixing configuration errors in applications, databases, and policies could have prevented two-thirds of the breaches in the cloud environments IBM studied. But X-Force team member Charles DeBeck says the main takeaway isn’t that companies aren’t doing the basics, but rather that when they try, they’re crashing into a wall of complexity they inadvertently built around their business. His thoughts echo those of a variety of seasoned security experts, who recently cited the pace of digital transformation, specifically cloud adoption, as the number one factor adding complexity and contributing to today’s cybercrime environment.

“For years, companies have been putting tools on top of tools, creating a security maze that is difficult to untangle, let alone manage,” DeBeck told VentureBeat. “It has hampered their ability to detect threats in their massive and ever-expanding digital infrastructure, as well as their ability to quickly automate a remediation response.”

Cloudy with a chance of ransomware

The use of cloud technology is exploding in the enterprise. Gartner predicts that 70% of all enterprise workloads will be deployed in the cloud by 2023, up from 40% in 2020. And overall, public cloud services worldwide are projected to grow from $387.7 billion in 2021 to $805.5 billion in 2025, according to Gartner. So, of course, this is where malicious actors are directing their attention.

“We are seeing a lot of malware families developing new cloud-centric capabilities,” DeBeck said. “This tells me that threat actors realize that the cloud is where things are going and are investing accordingly. And that means security in the cloud will continue to be critical.”

In addition to the tactics used to breach enterprise clouds, IBM researchers also uncovered a thriving dark web market in which nearly 30,000 compromised cloud accounts were for sale at bargain prices. Some were selling for just a few dollars, while others cost more than $15,000 per account access credential. And in 71% of cases, threat actors offered Remote Desktop Protocol (RDP) access to cloud resources, providing cybercriminals with direct access and turnkey options to further automate their access to cloud environments.

These findings represent IBM’s insights from reviewing multiple dark web markets from July 2020 to July 2021. The report states that dark web research is constantly changing, but this trend is likely to continue.

“This is a huge booming business, and as long as there is money to be made, criminals will continue to target cloud environments,” DeBeck said.

Securing the enterprise

In the report’s conclusion, IBM Security X-Force suggests that cloud users implement a multi-phase approach to preparing for and responding to cloud security incidents. Recommendations include adopting a zero trust philosophy and implementing strong access control practices, including multi-factor authentication (MFA) and the principle of least privilege for cloud identities. Additionally, the team advises companies to scope penetration testing projects to identify vulnerabilities and also to participate in adversary simulation exercises, using cloud-based scenarios to train and practice effective cloud-based incident response.

There is also an emphasis on using an open and integrated security approach to help connect the dots between security data residing in a fragmented cloud environment.

“It is essential that companies redouble their efforts to modernize their hybrid cloud infrastructure,” said DeBeck. “They must treat their cloud environments as a single architecture, taking an open and integrated approach to address these preventable and currently anticipated risks.”

