A new report emerged that two-thirds of cloud breaches can be traced to misconfigured API’s, 12 month Data analysis of dark web is taken in to consideration.

On the dark web side, 71% of cases, RDP access to cloud resources was offered for sale. In some cases, account credentials to access cloud environments were being sold for only a few dollars.

The vast majority of issues found with either passwords or policies. Subsequently, two-thirds of breaches to cloud environments would likely have been prevented by more robust hardening of systems.

APIs were the most common gateway for compromise. With two-thirds of incidents analyzed involving improperly configured APIs, threat actors were found to be pivoting from on-premises environments to cloud environments.

Over half of the breaches to cloud environments occurred due to what IBM calls “shadow IT.” These shadow IT attacks emerge via unauthorized systems spun up against security policies that lack vulnerability and risk assessments, as well as hardened security protocols.

The report also noted that threat actors continue investigating in cloud targeting with cryptominers and ransomware remaining the top dropped malware into cloud environments.

Threat actors are continuing to pursue clouds in their malware development, with new variants of old malware focusing on Docker containers, as well as new malware being written in programming languages, like Golang, that run cross-platform.