Here's Why Cloud Credentials Are The Hottest Item On Criminal Marketplaces
The Register, Thursday, September 14,2023
Stolen cloud credentials cost about the same as a dozen donuts, according to IBM X-Force, whose threat intel team says logins make up almost 90 percent of goods and services for sale on dark web marketplaces.
However, in many instances criminals don't even need to shell out the 10 bucks. X-Force also discovered plaintext credentials on user endpoints in a third (33 percent) of all the cloud-related incidents it responded to.
"And that's a terribly high number relative to what the industry should know at this point about safekeeping of secrets and passwords in particular," said Chris Caridi, a cyber threat analyst at IBM X-Force, who authored the 2023 Cloud Threat Landscape Report.
In light of these other statistics, perhaps it shouldn't be too surprising that valid credentials are the most common initial access vector in cloud security breaches, occurring in 36 percent of all cases that the X-Force IR team responded over a 13-month period.