Tenable today released the Tenable Cloud Risk Report 2024, highlighting that organisations globally and in India are unknowingly exposed to the “toxic cloud triad,” a trifecta of cloud security risks that could lead to severe data breaches and financial losses.
The report is based on extensive analysis of billions of cloud assets across data gathered from billions of cloud assets across multiple public cloud environments. The data collected during the first half of 2024 (Jan – Jun) includes a comprehensive set of cloud workload and configuration information from real-world cloud assets in active production.
The Toxic Cloud Triad
With the rapid adoption of cloud technology across industries in APAC, the report underscores the challenges posed by misconfigurations, excessive permissions, and critical vulnerabilities that open doors to threat actors. The findings reveal that 38% of organisations have at least one publicly exposed, critically vulnerable, and highly privileged cloud workload, forming the toxic cloud triad.
Many breaches reported worldwide in 2024 resulted from 1-day vulnerabilities exploited on exposed workloads. Of these, some of the most dangerous breaches involved lateral movement by using the privileges of the compromised workloads.
“With cyber risks spreading across every corner of the business, the threat level has become unsustainable,” said Rajnish Gupta, Country Manager, Tenable India. “To tackle the biggest vulnerabilities, organisations need to understand toxic cloud triads and other risky combinations—and know exactly what data is exposed. Attackers exploit the gaps, slipping through outdated defences that can’t keep up or react fast enough.”
Additional key findings from Tenable’s Cloud Research team include:
84% of organisations have risky access keys to cloud resources: The majority of organisations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses a substantial risk.
23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions.
Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing.
74% of organisations have publicly exposed storage: 74% of organisations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks.
78% of organisations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organisations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.