Misconfigured Clouds Compromise 424% More Records in 2017

Cybercriminals are increasingly aware of misconfigured systems and theyre taking advantage, report IBM X-Force researchers.

Insider mistakes like networked backup incidents and misconfigured cloud servers caused nearly 70% of all compromised records in 2017, according to new data from IBM X-Force. These types of incidents affected 424% more records last year than the year prior, they report.
It wasnt all bad news from the IBM X-Force Threat Intelligence Index, which pulls insights on data from millions of endpoints across hundreds of countries. Researchers found 2.9 billion records were reported breached, nearly 25% less than the 4B reported in 2016. Frequently targeted industries saw a decline in attacks (18%) and security incidents (22%) since 2016, a drop that can be primarily attributed to a decline in Shellshock attacks throughout 2017.
Hackers arent slowing down but they are changing their strategies, researchers say, swapping data breaches for ransomware. Instead of compromising large amounts of data, they decided it was more lucrative to lock down data access and demand ransom in return.
Attackers are pretty much following the money, says Paul Griswold, director of strategy and product management at IBM X-Force. The shift to ransomware wasnt super surprising, he says, since ransomware can be more profitable than stealing data. This idea extends to attacks like WannaCry and NotPetya, where the goal was seemingly destruction, not financial gain.
Chances are, those guys were being paid by somebody, says Griswold of these attacks. While they didnt profit from the ransomware directly, he anticipates the threat actors didnt launch global ransomware campaigns just for fun. They still earned money for the attacks.
The most common class of attack vector between 2016-2017 was injection attacks, which accounted for 79% of malicious activty on enterprise networks - nearly double what it was last year. Researchers say the reason injection attacks increased is because both botnet-based command injection local file inclusion attacks and command injection attacks used embedded coin-mining tools.
Still Foggy on Cloud Configuration
Businesses struggle to properly configure cloud servers, and cybercriminals know it. Inadvertent mistakes are costing companies big-time as attackers discover and target misconfigured cloud environments, IBM researchers report, and poorly configured systems were responsible for exposing more than 2 billion records that X-Force tracked in 2017.
Cloud misconfigurations are split into three categories: misconfigured cloud databases, which caused 566.4M breached records, publicly accessible cloud storage (345.8M), and improperly secured rsync backups or open Internet-connected network area storage devices (393.4M).
I think this just goes to show the inexperience in doing that, says Griswold of moving to the cloud. Chances are with on-prem, people understand how the data is stored and how the server is configured because theyre the ones who did it … with cloud, its a little bit different.
Several teams, DevOps and operations for example, put pressure on businesses to move to the cloud. Theres a whole bunch of desire to move things up to the cloud, and thats where things might be rushed, he says. Its a learning curve, definitely.
Companies can better secure their cloud environments by involving the security teams as they move workloads to the cloud; it cant be limited to dev and IT. Because misconfigurations are often easy to detect, it helps to regularly conduct pentests and app code scans.
Low Grades for Incident Response
When organizations got breached, we found a lot of times the response plans just werent in place, says Griswold, explaining how the rise in ransomware highlighted companies inability to cope with attacks.
An
IBM Security
study conducted last year found slow response times lead to more expensive attacks. Incidents that took longer than 30 days to contain cost $1M more than those contained in less than 30 days, an added incentive for businesses to shape their response strategies.
Many companies dont have any sort of incident response plan at all, and many of those who do have outdated plans and/or dont know how to execute on them. Just because you have a plan in place doesnt mean youre going to know the ins and outs of it, says Griswold.
Researchers anticipate
destructive ransomworms will continue to spread in 2018, as well as wide-spread vulnerabilities and sophisticated exploits targeting the public and private sectors. As they build incident response plans, Griswold urges businesses to ensure both technical controls and PR processes are in place, and have both PR and law firms on retainer.
You need to think about those legal aspects, he cautions.
Related Content:
Active Cyber Defense Is an Opportunity, Not a Threat
3 Security Measures That Can Actually Be Measured
One-Third of Internal User Accounts Are Ghost Users
Microsoft Patches Critical Flaw in Malware Protection Engine
Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda
here
. Register with Promo Code DR200 and save $200.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Misconfigured Clouds Compromise 424% More Records in 2017