Tenable Research Finds 74% of Organisations Have Publicly Exposed Storage Assets, Increasing Risk of Ransomware Attacks
New research byย
Tenableยฎ, the exposure management company, highlights a growing set of challenges, revealing that many organisations globally, including Australia, are alarmingly unprepared for the increasing complexities and critical risks inherent in modern cloud environments.
Theย
Tenable Cloud Risk Report 2024, published today, reveals that a staggering 74% of organisations have publicly exposed storage assets, including those containing sensitive data, making them vulnerable to ransomware attacks. This exposure is often caused by unnecessary or excessive permissions, granting wider access to cloud-stored information than required.
The Tenable report was created by analysing information gathered from billions of cloud resources from across multiple public clouds, all scanned through the Tenable Cloud Security platform. The data cited in this report was collected from January through June 2024. It provides a deep dive into the most pressing cloud security issues observed over that period, highlighting areas such as identities and permissions, containers, workloads, vulnerabilities, storage and Kubernetes.
Toxic cloud triad – the perfect storm for cyberattacks
One of the reportโs most pressing revelations exposes a “toxic cloud triad” affecting more than one-third (38%) of organisations. These high-risk workloads, which are simultaneously highly privileged, publicly accessible, and critically vulnerable, create a direct attack path for cybercriminals, potentially leading to devastating breaches, service outages, and operational disruptions.
The report warns that this toxic combination is not a rare occurrence but an all-too-common weak point in cloud infrastructures around the world. In 2024 alone, many global breaches were traced back to these vulnerable workloads, with attackers exploiting 1-day vulnerabilities to gain a foothold and move laterally within networks.
Failures in identity and access management
Exposed workloads are only part of the problem. The report also sheds light on widespread failures in identity and access management (IAM). A majority of organisations (84%) still rely on outdated or unused access keys with high levels of privilege, leaving critical entry points open for exploitation. Such security gaps have already led to high-profile breaches, including those at Capital One and Tesla, where cybercriminals took advantage of over-privileged access to wreak havoc.
โWith 96% of organisations utilising public cloud assets, having full visibility into cloud environments is critical,โ said Geoffrey Jakmakejian, Security Engineer Manager, Tenable ANZ. โItโs just as important to determine whether an asset really needs to be made public. If it does, permissions should be downgraded to the minimum level necessary and patches applied promptly.โ
Report highlights include:
-
The Growing Threat of Over-Privileged Identities
23% of cloud identities have permissions far exceeding what is necessary, with AWS alone seeing 35% of human identities granted critical permissions. This excessive access creates multiple opportunities for breaches, particularly when hackers gain control of these over privileged accounts.
-
Vulnerabilities Persist, Despite Warnings
Another key finding in the report is the persistence of critical vulnerabilities. Even after multiple industry warnings, many organisations continue to leave severe flaws unpatched. One example is CVE-2024-21626, a dangerous container escape vulnerability that remains unaddressed in over 80% of cloud workloads.
-
Kubernetes Blind Spots
78% of organisations have publicly accessible Kubernetes API servers, and 41% allow inbound internet access. This, combined with overprivileged roles within the Kubernetes environment, poses a considerable threat.