Are your cloud resources at risk?
Nearly 40% of organizations have high-risk workloads, and Tenable warns that they are prime attack targets for malicious actors


Over a third (38%) of organizations are running at least one cloud workload that is highly at risk for multiple reasons, a report from Tenable has found.
A combination of high privileges, critical vulnerabilities, and public exposure defines these high-risk workloads, with Tenable stating that they are prime attack targets for malicious actors.
Tenable created the report by analyzing telemetry data from billions of cloud assets across various clouds, between January and June 2024.
Breaking these issues down, the report found that over three-quarters (84.2%) of organizations possess unused or longstanding access keys with highly excessive permissions – which could lead to identity-based attacks.
The report's analysis of AWS, Google Cloud, and Microsoft Azure revealed that 23% of cloud identities, both human and not, have severely excessive permissions. This figure rises to 35% in AWS alone.
Critical vulnerabilities also persist, the report said, with CVE-2024-21626 having remained unremediated in over 80% of workloads 40 days after it was published. CVE-2024-21338 was also found to be prevalent.
The report found that 74% of organizations have publicly exposed storage assets within their IT environments, including some storage assets that secure sensitive data. This issue is linked to excessive permissions.
Kubernetes was identified in the report as a concern for this sort of exposure; 78% of organizations have publicly accessible Kubernetes API servers, around 41% of which allow inbound internet access. What’s more, 58% of organizations also have cluster-admin role bindings, giving some users unrestricted access to entire Kubernetes environments, while 44% run containers in privileged mode.
The report offers a few suggestions for managing the risk created through these issues. Businesses should closely monitor access to Kubernetes, for example, and ensure containers are only privileged when necessary.
Organizations should regularly rotate credentials and avoid using access keys that last for long periods. They should also prioritize remediating vulnerabilities and minimizing exposure by reviewing public assets.
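As an added illustration (not taken from the Tenable report or from ITPro), the following Python sketch shows one way a team could check its own cluster for the two Kubernetes findings above: subjects bound to cluster-admin and containers running in privileged mode. It reads JSON in the shape produced by `kubectl get clusterrolebindings -o json` and `kubectl get pods -A -o json`; the sample data, names and the `EXPECTED` baseline are constructed assumptions.

```python
import json
# Constructed samples shaped like `kubectl get clusterrolebindings -o json`
# and `kubectl get pods -A -o json`; every name below is made up.
BINDINGS = json.loads("""{"items": [
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "ci-deployer"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
 {"metadata": {"name": "viewers"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "User", "name": "alice@example.com"}]},
 {"metadata": {"name": "empty"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}]}""")
PODS = json.loads("""{"items": [
 {"metadata": {"namespace": "monitoring", "name": "node-agent"},
  "spec": {"initContainers": [{"name": "setup", "securityContext": {"privileged": true}}],
           "containers": [{"name": "agent", "securityContext": {"privileged": false}}]}},
 {"metadata": {"namespace": "web", "name": "frontend"},
  "spec": {"containers": [{"name": "nginx"}]}}]}""")
# Assumed baseline: the built-in binding of cluster-admin to system:masters.
EXPECTED = {("Group", "system:masters")}

def cluster_admin_subjects(bindings, expected=EXPECTED):
    """Return (binding, kind, namespace, name) for each unexpected cluster-admin subject."""
    found = []
    for b in bindings.get("items", []):
        if b.get("roleRef", {}).get("name") != "cluster-admin":
            continue
        for s in b.get("subjects") or []:  # a binding may carry no subjects at all
            if (s["kind"], s["name"]) not in expected:
                found.append((b["metadata"]["name"], s["kind"], s.get("namespace", ""), s["name"]))
    return found

def privileged_containers(pods):
    """Return (namespace, pod, container) for each container with privileged: true."""
    found = []
    for p in pods.get("items", []):
        # Init and ephemeral containers can be privileged too, so check all three lists.
        for field in ("initContainers", "containers", "ephemeralContainers"):
            for c in p.get("spec", {}).get(field) or []:
                if (c.get("securityContext") or {}).get("privileged") is True:
                    found.append((p["metadata"]["namespace"], p["metadata"]["name"], c["name"]))
    return found

if __name__ == "__main__":
    for row in cluster_admin_subjects(BINDINGS) + privileged_containers(PODS):
        print(row)
```

The check covers ClusterRoleBindings only; namespaced RoleBindings that reference the cluster-admin ClusterRole would need the same pass over `kubectl get rolebindings -A -o json`.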

George Fitzmaurice is a former Staff Writer at ITPro and ChannelPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.