According to one cybersecurity firm, this can happen if organizations allow a triad of critical risk factors to remain unaddressed
Based on a cybersecurity firm’s analysis of H1 2024 data gathered from billions of cloud assets across multiple public cloud environments under its care*, the following risk trends^ have been released to the industry.
First, 38% of organizations in the data set had at least one publicly exposed, critically vulnerable, and highly privileged cloud workload.
Second, 84% of organizations analyzed were deemed to have risky access keys to cloud resources: they possessed unused or longstanding access keys with critical or high severity excessive permissions.
Other findings
Third, the data showed that 23% of cloud identities (both human and non-human), had critical or high severity excessive permissions: analyses of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure identities of its customers had critical or high severity excessive permissions. Also:
- Critical vulnerabilities persisted in the analyzed cloud assets. One example was CVE-2024-21626, which was not remediated in over 80% of workloads analyzed, even 40 days after the date of widespread disclosure.
- 74% of organizations in the data were running publicly exposed storage assets, including those in which sensitive data resided, a factor for attracting ransomware attacks.
- 78% of organizations analyzed had publicly accessible Kubernetes API servers. Of these, 41% also allowed inbound internet access.
- 58% of organizations analyzed had cluster-admin role bindings, meaning that certain users had unrestricted control over all the Kubernetes environments.
According to Nigel Ng, Senior Vice President, Tenable (APJ), the firm that released its H1 2024 analytics findings: “Any organization that collects, maintains, and processes data, regardless of size or industry, is at risk of a breach if data is not secured properly. The toxic cloud triad (exposed to the public, critically vulnerable and highly privileged data) is the perfect storm for cyber threats. Public exposure opens the door to unauthorized access, while critical vulnerabilities give attackers a way in. Once inside, excessive privileges allow them to escalate their control and potentially take over key systems… By improving visibility, limiting privileges, and patching vulnerabilities, businesses… can significantly reduce their cloud security risks.”
*including cloud workload and configuration information from real-world assets in active production, covering cloud environments from major cloud service providers
^cloud-related public exposure risks, vulnerabilities, and excessive permissions
