Data breaches have skyrocketed over the past decade, with 2.6 billion personal records being exposed in the last two years alone, and 2023 is on track to set a new record. These troubling findings come from a recent report by Professor Stuart E. Madnick of MIT, underwritten by Apple.
The report reveals that attackers are becoming increasingly skilled at exploiting misconfigured clouds and taking advantage of unsecured end-to-end phone encryption. Ransomware attacks are also on the rise, posing a significant threat to organizations.
In addition to highlighting these threats, the report also sheds light on the broader vulnerabilities that enterprises face. Madnick’s research uncovered a nearly 50% increase in ransomware attacks in the first half of 2023 compared to the first half of 2022, as well as the targeting of fleets of mobile devices during attacks in order to paralyze communications until a ransom is paid.
But what exactly is a misconfigured cloud and why are attackers so drawn to them? Unencrypted identity data stored in insecure or misconfigured clouds provides a prime opportunity for attackers to gain unauthorized access. According to Madnick, recent incidents – such as one involving Microsoft AI’s research division exposing sensitive information due to a cloud misconfiguration – demonstrate the severity of the problem. These clouds serve as a gateway for attackers to steal identity data, which can then be used for fraudulent activities.
Furthermore, attackers are targeting misconfigured clouds because they offer an easy entry point to gain control of identities, making ransomware attacks more successful. Merritt Baer, Field CISO at Lacework, highlights that attackers are exploiting legitimate credentials and overprovisioned permissions to gain unauthorized access to cloud environments and entire fleets of mobile devices. This poses a significant challenge for organizations, as most cloud security failures are attributed to misconfigured controls, costing an average of $4 million to resolve.
Given the widespread impact of these vulnerabilities, it’s crucial for organizations to prioritize cloud security and ensure that appropriate controls are in place to mitigate these risks. To learn more about the implications of targeting misconfigured clouds and phones, read the full article here.