It may be hard to think of a misconfigured system as a threat, but it can be the silent killer. To that point, publicly disclosed misconfiguration incidents increased 20 percent year-over-year, a new report found.
While there was a rise in incidents, on the positive side, misconfigurations were not responsible for as many compromised records as the year before. There was a 52 percent decrease in records compromised because of this threat vector, according to the IBM X-Force Threat Intelligence Index 2019.
IBM Security released the IBM X-Force Threat Intelligence Index annually, which summarizes the most prominent threats raised by our research teams from over the past year.
Misconfigured cloud servers that include publicly accessible cloud storage, unsecured cloud databases, and improperly secured rsync backups, or open Internet connected network area storage devices contributed to the exposure of more than 990 million records in 2018. This represents 43 percent of the more than 2.7 billion compromised records tracked by X-Force research for the year.
While this number is notably lower than the 2 billion records compromised in 2017, the total number of publicly disclosed incidents that were attributed to misconfigured assets still increased 20 percent, year-over-year, the report said.
A 2018 survey indicated that misconfiguration is now the single-biggest risk to cloud security, with 62 percent of surveyed IT and security professionals noting it as a problem, followed by misuse of employee credentials or improper access at 55 percent, and non-secure interfaces at 50 percent.
Misconfigured systems often give attackers access to a plethora of data including email addresses, user names, passwords, credit card and health data, and national identification numbers. In one of the largest incidents in 2018, a major marketing firm leaked 340 million records of personal data including addresses, phone numbers, family structures, and extensive profiling data.
Misconfigured systems could potentially expose internal company communications across a firm’s entire global footprint and even lead to detrimental exposure of intellectual property, trade secrets, and the organization’s strategic plans, the report said.
Leaked login data from misconfigured assets can be used in targeted brute-force attacks where user IDs and passwords are reused across multiple assets and websites, the report said. Exposed data could also be used as part of larger identity theft schemes and to perform fraudulent activity. While most publicly disclosed breaches involving misconfigurations appear to be the result of inadvertent actions, a malicious insider could purposefully expose data and make it appear as an unintentional act.