Cloud Security Wake-up Call: Orca Security Exposes Widespread Vulnerabilities

By Greg Tavarez, TMCnet Editor  |  March 05, 2024

The migration to cloud environments has no doubt changed how businesses operate. The cloud offers better scalability, agility and cost-efficient opportunities. However, this shift has also introduced new security challenges that demand constant vigilance and proactive measures.

To address these challenges, organizations need security solutions as well as comprehensive, up-to-date insights. In this context, Orca Security, an innovator in agentless cloud security, plays a crucial role.

The recently released 2024 State of Cloud Security Report by Orca Security sheds light on the current state of cloud security and outlines the most prevalent and concerning threats discovered in real-world production environments.

The report highlights critical vulnerabilities and shortcomings in cloud infrastructure, including vulnerabilities in neglected assets, risks from misconfigured data storage, code vulnerabilities that imperil production environments, the rising risk of exposed Kubernetes API servers, vulnerabilities in cloud-based AI models and a lack of basic security practices.

Let’s break down each of these.

The report indicates that a portion of organizations overlook assets, leaving them susceptible to exploitation. These neglected assets, often operating on unsupported systems or lacking recent patches, present a glaring security risk. With four out of five organizations exposing public-facing neglected assets through open ports, attackers have an easy entry point into vulnerable systems. Ports such as 80, 443, 8080, 22, 3389 and 5900 are widely targeted by malicious actors.

Another concerning finding highlights the prevalence of misconfigured data storage, which puts sensitive information at risk. 21% of organizations possess public-facing storage buckets containing sensitive data accessible to anyone. Such oversight heightens the likelihood of data breaches, ransomware attacks, reputational harm and regulatory non-compliance. Organizations are urged to prioritize stringent data storage protocols.

The report's analysis reveals a pervasive issue of severe vulnerabilities within codebases, poised to impact production environments. These vulnerabilities (rated with a CVSS score exceeding 7) pose a substantial threat, potentially leading to data breaches, system compromises and supply chain attacks. With nearly two-thirds of organizations affected, urgent action is imperative to bolster code security and mitigate potential risks effectively.

As the adoption of Kubernetes surges, the report notes a concerning uptick in publicly accessible API servers. 82% of organizations have exposed Kubernetes API servers, marking a 12% increase from previous reports. While some access may be intentional for testing purposes, the majority stems from misconfigurations. Therefore, there is a need for robust security measures to safeguard against unauthorized access and potential breaches.

Furthermore, the report shows the vulnerability of cloud-based AI models, particularly those built using platforms like Amazon SageMaker. Around 80% of SageMaker users have at least one notebook exposed to the internet, posing risks of unauthorized access to proprietary code. Such breaches could potentially lead to remote code execution.

Lastly, the report identifies persistent gaps in basic security practices. For instance, 61% of organizations have root users or account owners without MFA, which leaves them vulnerable to credential-based attacks. Implementing MFA offers a simple yet effective means of enhancing authentication assurance. This reduces the risk of unauthorized access and strengthens overall security posture.

"The past year has seen shrinking budgets and an unprecedented economic climate that's put cybersecurity defenders at a disadvantage," said Gil Geron, CEO and co-founder of Orca Security. "Cloud environments have become more complex than ever before. Despite these challenges, security teams can stay one step ahead of their attackers, not by trying to address all risks, but by prioritizing and efficiently remediating the most critical risks that put their business-critical assets at risk."

The findings serve as a wake-up call for cybersecurity and cloud teams to reassess their own environments and address the particularly troubling security gaps identified.

Edited by Alex Passett