Oh it's phishing, credential abuse and misconfigurations again!

Phishing is on the rise and pretty much any report you read its listed as the number one way to gain access. Usually followed by some other sort of abused credentials method. Why is it always these?

Gartner expects global spending on cloud services to total $723.4 billion over 17% increase from 2024. At the same time IBM's research in cloud security the average price of compromised cloud credentials on the dark web is $10.23, 12.8% cheaper than in 2022. This means we are all running around with misconfigured deployments and it's getting easier for attacker to gain access to your network through credential abuse.

Coming from a recent event where multiple business representatives were discussing how attackers gain access to their organisation,there is one thing message I always reinforced. Attackers will usually go for the easiest way to gain access. This usually doesn't involve wasting expensive 0-day exploits (unless you are someone really special). A phishing link leading to a "malware-free attack" is now a very prevalent way to attack.

What can you do as a business to protect yourself?

1. Phishing training for your employees - this is a very cheap and effective way that increases awareness of attacks.

2. Check for misconfigurations and have an accurate Asset Inventory - in order to get a clear picture of your risk exposure you need to know what you are trying to protect. Then ask yourself what's the minimum number of services that need to be exposed for my business to function.

3. MFA and IAM tools - Multi Factor Authentication by now should be a given and a lot of cloud platforms it's enforced by default. However, there are different ways to implement to MFA, some more secure than others, move away from SMS code please. A good IAM tool also adds another layer of monitoring for things such as "impossible travel" scenarios is encouraged.

The rise in these sort of attacks have lead to an increase ITDR & Cloud security services. These can help stengthen your position against the rise of these attacks. Artifact Security is performing ongoing research in the strengths and limitation of these services, you can find our methodology here.

Sign up to our newsletter for our upcoming report focused on Cloud-centric attackers. If you would like your vendor to take part, ask them to be part of an evaluation to prove their capabilities!