Dive Brief:

• More than 3 in 5 compromises in the cloud during Q1 2023 were directly linked to poor access management, according to research Google Cloud released Thursday.
• About 55% of all cloud compromises analyzed by Google Cloud’s incident response teams during the quarter were the result of weak or nonexistent passwords, the company said in its Threat Horizons Report. Leaked credentials accounted for 7% of cloud compromises.
• The remaining cloud compromises were associated with misconfigurations, sensitive user interfaces or exposed APIs and software vulnerabilities, according to the report.

Dive Insight:

Google Cloud’s research underscores a persistent theme across the cyber landscape: Access is critical.

Account credentials are at the root of most cyber intrusions, including attacks on critical infrastructure networks and state and local agencies, the Cybersecurity and Infrastructure Security Agency said in its annual risk and vulnerability assessment last week.

Valid accounts, including former employee accounts not removed from Active Directory and default administrator credentials, were responsible for 54% of all attacks studied by CISA.

​​“Gaining initial access to an organization’s network is the first step in a successful attack,” CISA wrote in its analysis. “If threat actors establish initial access, then they could execute other techniques such as privilege escalation to ultimately steal information.”

Stronger identity management guardrails could address the credential issues that remain a consistent challenge for organizations, Google Cloud said in the report.