Amazon Web Services sits atop an expanding global infrastructure services market that hit $84 billion in the third quarter of 2024, up 23% year-over-year, making AWS the biggest target for threat groups. As with other cloud providers, stolen credentials and poor identity management continue to be a significant problem.
SentinelOne researchers noted in a column that inadequate identity and access management (IAM) practices were the second most common AWS security issue – behind misconfigured S3 buckets – and in a recent report, Fortinet investigators detailed the latest tactics of EC2 Grouper, an active threat actor that routinely uses legitimate credentials to gain access to victims’ cloud accounts.
EC2 Grouper’s tooling includes AWS Tools for PowerShell, Fortinet cloud threat researcher Chris Hall wrote, adding that “identifying illicit usage of valid credentials in the cloud can be a nuanced and difficult task. This poses a considerable challenge when it comes to detection, as the vast majority of attacks in the cloud involve compromised credentials.”
None of this should come as a surprise to MSSPs and MSPs, which are continuing to add IAM and cloud protection services to their portfolios and are big users of PowerShell for managing Microsoft environments.
IAM a Key Service for MSSPs
“IAM is crucial for controlling who can access what within a network,” NordLayer, a network access security service firm, wrote in October, adding that included in IAM are such tools as multifactor authentication (MFA) and single sign-on services. “By implementing robust IAM practices, MSPs and MSSPs can offer tailored access solutions that bolster security while improving the user experience.”
In its threat landscape report in October 2024, IBM’s X-Force threat intelligence unit wrote about hackers using phishing campaigns to steal data and credentials that can be used in other attacks, including business email compromise (BEC).
“A lot of the phishing attacks we’ve seen all these are using stolen credentials,” Bob O’Donnell, principal analyst with TECHnalysis Research, told MSSP Alert. “Credential theft is how a lot of this stuff is being done. It’s a huge factor.”
Identity Protection is Complex, Expensive
Identity management has never been easy, and the increasingly distributed nature of IT environments and data – not only on premises but also in the cloud and out to the edge – is making it more complex and expensive for enterprises. That complexity can cover everything from identity provisioning and regulations and compliance to data security, non-human identities, and BYOD, according to Oracle.
That complexity is fueling interest in managed security services from organizations that want to shift some of the burden of protecting their infrastructure and data from their own security teams to partners. The global managed security services market continues to grow, with MarketsandMarkets analysts forecasting a jump from $30.6 billion in 2023 to $52.9 billion by 2028.
Struggling to Manage Credentials
The nature of cloud computing can hinder strong identity management for businesses, according to Jim Routh, chief trust officer at Saviynt, whose cloud-based Identity Cloud platform lets organizations manage and secure identities across applications and systems. MSSPs and MSPs can also use the platform to manage identities for their customers.
Fortinet’s information on EC2 Grouper puts a spotlight on problems facing companies doing business in the cloud, Routh said.
“This is an excellent example of the weaknesses prevalent in cloud account access management established without effective IAM practices for many enterprises today,” he said. “Software engineers and DevOps teams are rightly motivated to build capabilities that support the time-to-market objectives for the business.”
However, this often leads to “steps taken for the convenience of the development team – storing passwords in code repositories – that increase vulnerabilities that can be exploited by sophisticated threat actors,” he added.
TECHnalysis’ O’Donnell said that for many companies, turning to managed security services – including for IAM – is an option for managing an expanding threat landscape and an increasingly complex security environment.
“Companies are all looking for solutions they can use to secure access for both local and cloud-based resources,” he said, adding that finding such tools “is a huge win for any enterprise.”