Are you surprised that Cloud Credentials are being stolen by Phishing and BEC?

MSSPAlert.com reported that “Stolen credentials continue to be 'coin of the realm' for threat groups targeting cloud environments, and the range of tactics they use to get them – from phishing and business email compromise (BEC) campaigns to keylogging and brute force – prove that out.”  The October 3, 2024 report entitled “IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials” (https://www.msspalert.com/feature/ibm-x-force-hackers-using-phishing-bec-to-steal-cloud-credentials) include these comments:

In the latest edition of their annual IBM X-Force Cloud Threat Landscape Report released Tuesday, the researchers found that phishing attacks over the past two years accounted for 33% of cloud-related cyber incidents, with bad actors increasingly using adversary-in-the-middle (AITM) techniques. Such attacks involve the hackers positioning themselves between the victim and a legitimate service to intercept communications.

“This type of attack is particularly dangerous because it can bypass some forms of MFA [multi-factor authentication], making it a powerful tool for cybercriminals,” Austin Zeizel, threat intelligence consultant with X-Force, wrote in an accompanying blog post. “Once inside a victim’s environment, threat actors seek to carry out their objectives.”

Those objectives include BEC attacks and credential theft, Zeizel wrote. BEC attacks accounted for 39% of incidents since 2022, with the bad actors typically using harvested credentials from phishing attacks to take control of email accounts and run further attacks.

IBM developed the report through threat intelligence it gathered, incident response engagements, and partnerships with Cybersixgill, a cyber intelligence company that monitors the dark web, and Red Hat Insights software-as-a-service (SaaS) tool.

Surely no one is surprised!