Tenable report reveals widespread cloud security risks
Tenable has released new research indicating that 74% of organisations around the world have publicly exposed storage assets, a situation which increases their risk of being targeted by ransomware attacks.
The Tenable Cloud Risk Report 2024 highlights key vulnerabilities affecting cloud environments, identifying inappropriate permissions as a common reason for the exposure of sensitive data. The report analyses data from billions of cloud resources, collected between January and June 2024 through the Tenable Cloud Security platform.
One significant finding of the report is the prevalence of a "toxic cloud triad". This term refers to workloads that are at once highly privileged, publicly accessible, and critically vulnerable, a combination that affects 38% of organisations. The report identifies these triads as common entry points for cybercriminals, leading to breaches, service outages, and operational disruptions, with many attacks traced back to these vulnerabilities in the past year.
Geoffrey Jakmakejian, Security Engineer Manager at Tenable ANZ, elaborated on the issue: "With 96% of organisations utilising public cloud assets, having full visibility into cloud environments is critical. It's just as important to determine whether an asset really needs to be made public. If it does, permissions should be downgraded to the minimum level necessary and patches applied promptly."
The report further examines identity and access management, revealing that 84% of organisations continue to use outdated access keys with high privilege levels. Such practices have already resulted in high-profile cybersecurity incidents, including breaches at Capital One and Tesla, where attackers exploited overly permissive access to infiltrate systems.
The report draws attention to "The Growing Threat of Over-Privileged Identities", noting that 23% of cloud identities have unnecessary permissions. Specifically, AWS accounts for 35% of these instances, creating numerous opportunities for exploitation by hackers able to take control of these identities.
Despite warnings, critical vulnerabilities remain widespread. The report highlights that many organisations have left weaknesses unaddressed, citing CVE-2024-21626 as an example: this container escape vulnerability remains unpatched in over 80% of cloud workloads, which shows that security gaps persist even after multiple alerts.
Kubernetes configurations also exhibit security blind spots, with 78% of organisations having publicly accessible Kubernetes API servers and 41% permitting inbound internet access. This, combined with over-privileged roles, significantly increases the risk of breaches.
The findings from Tenable's report underscore the need for organisations to reassess their cloud strategies, focusing on minimising permissions and enhancing patch management to ensure robust security within their cloud infrastructures.