Isolated risks lead to bigger issues: Orca also warns that half of organizations have assets exposing attack paths that can lead to sensitive data exposure, as well as 23% with paths that lead to broad permission access and compromised hosts. Attack paths are the combination of risks that appear isolated but can be combined to lead to bigger compromises.For example, Orca found that over a third of organizations had at least one asset that created more than 100 attack paths, with one in 10 having assets with more than 1,000 attack paths. The most toxic asset identified by Orca in its dataset was responsible for 165,142 attack paths.Data exposure is a common issue with one in three organizations having publicly exposed storage buckets or databases with sensitive data in them.”Threat actors prize sensitive data, especially at a time when the demand for data continues to increase amid AI innovation,” the Orca team wrote. “It underscores a troubling trend that calls for more attention on data security.”
Identity threats: While vulnerabilities were the second most common initial access vector found in Verizon’s DBIR, abused credentials once again took the top spot. Identities that can be abused for initial access or lateral movement include not just end-user credentials but also API keys, access tokens, service accounts, cloud functions, and other non-human identities (NHIs) used by machines, services, and workloads.”Our analysis finds that NHIs outnumber their human counterparts by an average of 50:1,” the Orca team said. “Yet NHIs, when left unsecured, can dramatically increase cloud risks. This is especially true when users grant NHIs more permissions than they need.”Orca found that 77% of organizations that use AWS have at least one service account with permissions across two or more accounts and 12% of orgs have permissive roles attached to more than 50 instances. Some of these roles, once created, remain unused, with almost 90% of orgs having IAM credentials that were not used in over 90 days.Many secrets that enable access to sensitive resources are exposed through source code repositories (85%) and over half of plaintext secrets remain embedded in Git history even if they are removed from the latest version of the code.On top of exposed secrets, attackers can also take advantage of misconfigurations in infrastructure-as-code templates (20% of orgs), Lambda functions (77% of orgs), and source code management platforms such as GitHub and GitLab (57% of orgs).”Cloud security has reached a critical turning point,” the Orca team concluded. “As organizations increasingly rely on the cloud to accelerate innovation and growth, several converging trends are reshaping the challenges security teams face, and the strategies they need to stay ahead.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4003365/cloud-assets-have-115-vulnerabilities-on-average-some-several-years-old.html
