A study released this week by Tenable, based on telemetry from its customers' cloud environments during the first part of this year, found that 38% of organizations had at least one cloud workload that was critically vulnerable, highly privileged, and publicly exposed at the same time.
The report calls this combination the "toxic cloud triad." Each trait on its own is a finding; together they form a complete attack path, since the workload can be reached from the internet, carries a known flaw to exploit, and holds credentials that open up the rest of the environment, which makes such workloads prime targets for attackers.
As a result, the study highlighted that “more than one-third of organizations may find themselves in the news tomorrow” due to potential security breaches.
Moreover, even possessing workloads with just one or two of these risk factors can lead to substantial security challenges for any organization, according to the research.
Jeremy Roberts, a senior research director at Info-Tech Research Group who was not involved in the study, said end-user organizations share responsibility for the state of cloud security.
“The cloud serves as a tool like any other; its effectiveness depends on how it is used,” he explained. “Numerous cloud incidents are not due to the service provider but stem from poor management practices, as seen in the 2019 Capital One breach. Regular audits of permissions, implementation of zero trust principles, and employing central management methods are critical in establishing a standardized security framework.”
The study found that 74% of organizations had publicly accessible storage, some of it containing sensitive information, and that the exposure was usually the result of unnecessary or excessive permissions. It added: "as organizations increase their adoption of cloud-native applications, the volume of sensitive data stored also rises — encompassing customer details, employee data, and proprietary business information. Hackers are motivated to access such data stored in the cloud." Many of the ransomware attacks reported during the observation period targeted public cloud resources with excessive access rights, exposure the report says could have been avoided.
An analysis of the exposed storage data indicated that 39% of organizations possessed public buckets, 29% had either public or private buckets with overprivileged access, and 6% had public buckets that exhibited overprivileged access.
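The three storage categories above (public, overprivileged, and both at once) can be checked mechanically against each bucket's resource policy. The following is an added example written for this page, not Tenable's tooling or anything from the report: it classifies constructed sample policies in the JSON shape that `s3:GetBucketPolicy` returns. The bucket names, account ID, roles and statements are all invented, and the "public" test is a deliberate simplification that treats any `Condition` as narrowing the grant.

```python
import json
from typing import Any, Dict, List

# Constructed sample bucket policies in the JSON shape that s3:GetBucketPolicy
# returns. Every bucket name, account ID, role and statement here is invented
# for this example.
SAMPLE_POLICIES: Dict[str, str] = {
    "static-site-assets": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::static-site-assets/*",
        }],
    }),
    "customer-exports": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AnyoneCanDoAnything",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::customer-exports",
                         "arn:aws:s3:::customer-exports/*"],
        }],
    }),
    "finance-archive": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "BroadInternalAccess",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/ci-runner"},
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::finance-archive/*",
        }],
    }),
    "locked-down": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadFromOneVpcOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::locked-down/*",
            "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0123456789abcdef0"}},
        }],
    }),
}

# Actions that let a grantee take over the bucket or its contents wholesale.
WILDCARD_ACTIONS = {"*", "s3:*"}
MANAGEMENT_ACTIONS = {"s3:DeleteBucket", "s3:PutBucketPolicy",
                      "s3:PutBucketAcl", "s3:PutObjectAcl"}


def _as_list(value: Any) -> List[Any]:
    """IAM policy fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _principal_is_anyone(principal: Any) -> bool:
    """'*' or {"AWS": "*"} grants the statement to every caller, signed or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def classify_bucket(policy_json: str) -> str:
    """Return 'public+overprivileged', 'public', 'overprivileged' or 'ok'.

    'public': an Allow statement open to any principal with no Condition
    narrowing it (simplification: AWS's own public-policy test is finer).
    'overprivileged': an Allow statement granting wildcard or bucket-management
    actions, regardless of who the grantee is.
    """
    policy = json.loads(policy_json)
    public = overprivileged = False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(_as_list(stmt.get("Action")))
        if _principal_is_anyone(stmt.get("Principal")) and not stmt.get("Condition"):
            public = True
        if actions & (WILDCARD_ACTIONS | MANAGEMENT_ACTIONS):
            overprivileged = True
    if public and overprivileged:
        return "public+overprivileged"
    if public:
        return "public"
    if overprivileged:
        return "overprivileged"
    return "ok"


def summarize(policies: Dict[str, str]) -> Dict[str, List[str]]:
    """Group bucket names by classification, mirroring the report's categories."""
    groups: Dict[str, List[str]] = {"public+overprivileged": [], "public": [],
                                    "overprivileged": [], "ok": []}
    for name, policy_json in sorted(policies.items()):
        groups[classify_bucket(policy_json)].append(name)
    return groups


if __name__ == "__main__":
    for category, names in summarize(SAMPLE_POLICIES).items():
        print(f"{category:22s} {', '.join(names) or '-'}")
```

The bucket policy is only one of the controls that decide exposure: bucket ACLs and the account-level S3 Block Public Access settings also matter, so in a real audit the `public` verdict should come from `s3:GetBucketPolicyStatus` or IAM Access Analyzer rather than from policy text alone, and the `overprivileged` verdict should be joined with the identities that actually hold the grant.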
However, storage is not the sole concern. A troubling 84% of organizations possess unused or long-standing access keys characterized by critical or high severity excessive permissions. The study indicated that these keys “have played major roles in numerous identity-based attacks and compromises.” It referenced notable incidents such as the data breach at MGM Resorts, the Microsoft email hack, and the FBot malware, which targets web servers, cloud services, and software-as-a-service. This malware achieves persistence and spreads on AWS through AWS IAM (identity and access management) users, demonstrating how misuse of these keys can occur.
The report highlighted that “Core to IAM risks are access keys and their assigned permissions; combined, they are literally the keys to the kingdom of cloud-stored data.”
Compounding the problem is the fact that 23% of cloud identities across major hyperscalers—namely Amazon Web Services, Google Cloud Platform, and Microsoft Azure—both human and non-human, possess critical or high severity excessive permissions, creating a perfect storm for potential disasters.
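Finding the "unused or long-standing" keys described above is a matter of reading the IAM credential report and applying two clocks: how long since the key was rotated, and how long since it was last used. The block below is an added example for this page, not Tenable's tooling or anything from the report. It runs over a constructed report excerpt that follows the column layout of `aws iam get-credential-report` (only the key-related columns are kept, and every user, ARN and timestamp is invented); the thresholds and the fixed `NOW` clock are assumptions chosen so the example is reproducible.

```python
import csv
import io
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed excerpt in the shape of the IAM credential report, trimmed to the
# access-key columns. Users, ARNs, dates and key states are invented.
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,arn:aws:iam::123456789012:user/alice,true,2024-05-01T09:00:00+00:00,2024-06-28T17:12:00+00:00,false,N/A,N/A
ci-deployer,arn:aws:iam::123456789012:user/ci-deployer,true,2021-11-15T08:30:00+00:00,2024-06-29T03:45:00+00:00,false,N/A,N/A
legacy-backup,arn:aws:iam::123456789012:user/legacy-backup,true,2023-02-10T10:00:00+00:00,2023-03-01T10:00:00+00:00,true,2022-08-20T10:00:00+00:00,N/A
bob,arn:aws:iam::123456789012:user/bob,false,N/A,N/A,false,N/A,N/A
"""

# Assumed policy thresholds and a fixed clock so the results are reproducible.
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)   # rotate at least this often
MAX_IDLE = timedelta(days=45)      # a key unused this long should be disabled


def _parse_ts(value: str) -> Optional[datetime]:
    """The report uses N/A / no_information for missing dates; map those to None."""
    if value in ("", "N/A", "no_information"):
        return None
    return datetime.fromisoformat(value)


def audit_access_keys(report_csv: str, now: datetime = NOW) -> List[Dict]:
    """Return one finding per active key that is stale, idle or never used."""
    findings: List[Dict] = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive keys cannot be used, so skip them
            rotated = _parse_ts(row[f"access_key_{slot}_last_rotated"])
            last_used = _parse_ts(row[f"access_key_{slot}_last_used_date"])
            reasons: List[str] = []
            if rotated is None or now - rotated > MAX_KEY_AGE:
                reasons.append("stale")       # long-standing key
            if last_used is None:
                reasons.append("never_used")  # created but never exercised
            elif now - last_used > MAX_IDLE:
                reasons.append("idle")        # unused for longer than allowed
            if reasons:
                findings.append({"user": row["user"], "arn": row["arn"],
                                 "key": slot, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_access_keys(SAMPLE_REPORT):
        print(f"{f['user']:14s} key{f['key']}  {', '.join(f['reasons'])}")
```

A key that is both stale and idle, like the `legacy-backup` pair above, is the cheapest win: disable it, wait for anything to break, then delete it. The permission side of the report's finding (whether the key carries critical or high severity excess) comes from a separate query, the policies attached to the user, so in practice the two lists are joined on the user ARN and the intersection is worked first.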
This issue, according to Scott Young, principal advisory director at Info-Tech Research Group, is partially attributed to human nature.
“The significant number of critical permissions assigned to human accounts highlights a common tendency to choose the easiest route; however, this ease is intentionally designed to prevent issues,” remarked Young. “Striving for a smoother experience while navigating systems can lead to severe repercussions if an account is compromised.”
The research revealed that 78% of organizations have Kubernetes API servers that are accessible to the public, and that 41% of those allow inbound internet connections, which the report calls "worrisome." Furthermore, 58% of organizations grant specific users unrestricted (cluster-admin) authority over their Kubernetes environments, and 44% run containers in privileged mode. Both greatly widen the blast radius of a compromise: a cluster-admin identity can do anything in the cluster, and a privileged container runs without the kernel isolation that normally keeps it off the node.
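The two in-cluster findings, cluster-admin bindings and privileged containers, are both visible in API objects that `kubectl` already returns as JSON, so they can be audited without any agent. The block below is an added example for this page (not Tenable's tooling or anything from the report) that scans constructed samples in the shape of `kubectl get pods -A -o json` and `kubectl get clusterrolebindings -o json`; every namespace, pod, user and binding name is invented.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample in the shape of `kubectl get pods -A -o json`, reduced to
# the fields the check needs. Namespaces, pods and containers are invented.
SAMPLE_PODS = json.dumps({"kind": "PodList", "items": [
    {"metadata": {"namespace": "default", "name": "web-7d9f"},
     "spec": {"containers": [{"name": "nginx",
                              "securityContext": {"runAsNonRoot": True}}]}},
    {"metadata": {"namespace": "monitoring", "name": "node-agent-x1"},
     "spec": {"containers": [{"name": "agent",
                              "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "ci", "name": "builder-0"},
     "spec": {"initContainers": [{"name": "setup",
                                  "securityContext": {"privileged": True}}],
              "containers": [{"name": "build"}]}},
]})

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
# The first binding is the default one every cluster has; the rest are invented.
SAMPLE_BINDINGS = json.dumps({"kind": "ClusterRoleBindingList", "items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "dev-team-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "dev@example.com"},
                  {"kind": "ServiceAccount", "name": "ci-runner", "namespace": "ci"}]},
    {"metadata": {"name": "view-all"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "auditors"}]},
]})


def find_privileged_containers(pod_list_json: str) -> List[Tuple[str, str, str]]:
    """Return (namespace, pod, container) for every container with privileged: true.

    Init and ephemeral containers are checked too: a privileged init container
    has already had full node access by the time the pod is Running.
    """
    hits = []
    for pod in json.loads(pod_list_json)["items"]:
        meta, spec = pod["metadata"], pod["spec"]
        for field in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(field, []):
                if c.get("securityContext", {}).get("privileged") is True:
                    hits.append((meta["namespace"], meta["name"], c["name"]))
    return sorted(hits)


def find_cluster_admin_subjects(binding_list_json: str) -> Dict[str, List[str]]:
    """Map each binding to the cluster-admin role to its subjects as Kind/[ns/]name."""
    result: Dict[str, List[str]] = {}
    for crb in json.loads(binding_list_json)["items"]:
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        subjects = []
        for s in crb.get("subjects", []):
            ns = s.get("namespace")
            subjects.append(f"{s['kind']}/{ns + '/' if ns else ''}{s['name']}")
        result[crb["metadata"]["name"]] = sorted(subjects)
    return result


if __name__ == "__main__":
    for ns, pod, container in find_privileged_containers(SAMPLE_PODS):
        print(f"privileged container: {ns}/{pod} [{container}]")
    for binding, subjects in find_cluster_admin_subjects(SAMPLE_BINDINGS).items():
        print(f"cluster-admin via {binding}: {', '.join(subjects)}")
```

The default `cluster-admin` binding to `system:masters` will always appear; the ones worth acting on are the extra bindings that hand the role to named users or, worse, to service accounts whose tokens sit in pods. For the API server exposure itself, the check is on the control plane's network configuration rather than on any object inside the cluster, so it belongs in the cloud-provider audit instead.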
In addition to these misconfigurations, more than 80% of workloads are affected by a critical CVE, including CVE-2024-21626, a container escape vulnerability in runc, even though patches are available.
Tenable has recommended several mitigation strategies aimed at helping organizations minimize their exposure to these risks.
Young pointed out that the solution to avoiding security issues is not a recent discovery.
“The pattern of hacking techniques remains consistent; an attacker must locate you, breach a vulnerable entry point, and then navigate laterally to uncover something of value,” he explained. “Tenable’s findings indicate that, on the whole, we are lagging in securing our entry points and in safeguarding and managing accounts to curtail lateral movement, especially as the cloud simplifies the discovery process. Without a significant enhancement in advancing our security measures, clear-cut procedures, and meticulous auditing, complemented by automation and orchestration for efficiency and uniformity, we are unlikely to see a considerable drop in these figures. Ultimately, this report strongly advocates for a well-managed Governance, Risk, and Compliance framework.”