Cloud computing isn’t inherently less secure than on-prem infrastructure — if organizations configure their cloud instances properly. Unfortunately, in many cases, they do not. Cloud misconfigurations account for 65% to 70% of cloud security issues.
What does “cloud misconfiguration” mean? It’s a rather broad term that covers many possible errors, but by far, the most common mistake is using a weak password to secure a cloud instance — or not using one at all. A recent report by Google Cloud’s Cybersecurity Action Team estimates that half of compromised Google Cloud instances have weak or no passwords for user accounts or API requests.
Google Cloud’s research also found that cybercriminals are finding, and exploiting, insecure cloud instances with amazing speed. When Google set up insecure cloud honeypots to attract threat actors, 40% of the honeypots were compromised within eight hours. In one instance, the time-to-compromise was only 30 minutes. This indicates that cybercriminals, fully aware that many organizations aren’t configuring their clouds properly, are actively scanning public IP addresses for potential targets.
Threat Actors Behind the SolarWinds Breach Still Active & Engaging in Credential-Harvesting
Google Cloud’s findings come as we approach the one-year anniversary of one of the worst data breaches in recent years, which targeted SolarWinds and compromised 18,000 of the MSP’s customers, including nine federal agencies. The SolarWinds breach happened due to a weak password that had been publicly exposed on the company’s Github repository — a mistake that the company tried to blame on an intern.
As SolarWinds pointed fingers, Nobelium, the cybercrime cartel responsible for the breach, was hard at work, devising new and innovative ways to simultaneously compromise very large numbers of targets. A new threat intelligence report by Mandiant found that, among other tactics, Nobelium is making use of credential-stealing malware such as Cryptbot, which harvests system and web browser credentials. This, Mandiant points out, enables Nobelium to compromise organizations directly, without having to leverage a breached service provider.
Start a free trial of Keeper and protect your cloud infrastructure today.
Start Now
Over 80% of successful data breaches, and over 75% of ransomware attacks, are due to stolen or compromised passwords, making password security integral to a secure digital transformation.
Historically, network security models were based around the premise that all users and devices within the network perimeter could be trusted; only those outside needed to be verified. This model falls apart in modern, cloud-based data environments, which have no defined network perimeter. A zero-trust model assumes that all users and devices could potentially be compromised, and everyone, human or machine, must be verified before they can access organizational network resources. With an emphasis on password security, Role-Based Access Control (RBAC), and least-privilege access, zero-trust models support a secure digital transformation by helping prevent cyber attacks caused by compromised user credentials or stolen devices.
Organizations must establish and enforce a comprehensive password security policy throughout the enterprise, including the use of strong, unique passwords for every account, enabling multi-factor authentication (MFA) on all accounts that support it, and using an enterprise password management (EPM) platform such as Keeper.
Keeper’s zero-knowledge, enterprise-grade password security and encryption platform gives IT administrators complete visibility into employee password practices, enabling them to monitor and enforce password security policies organization-wide, including the use of strong, unique passwords and MFA. Keeper takes only minutes to deploy, requires minimal ongoing management, and scales to meet the needs of any size organization.
Not a Keeper customer yet? Sign up for a 14-day free trial now! Want to find out more about how Keeper can help your organization prevent security breaches? Reach out to our team today.