AWS, Azure and Google Cloud credentials from old accounts are putting businesses at risk

Report warns long-lived credentials remain a significant security risk
Outdated access keys increase vulnerability across cloud platforms
Automated credential management is crucial for cloud security

As cloud computing adoption continues to rise, organizations increasingly rely on platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud for their infrastructure and services, however, this means their security risks also grow more complex.

The recent Datadog State of Cloud Security 2024 report reveals one particularly concerning issue – the use of long-lived credentials, which pose significant security threats across all major cloud providers.

Despite advancements in cloud security tools and practices, many organizations still use long-lived credentials, which do not expire automatically.

The prevalence of long-lived credentials

Long-lived credentials, particularly those that are no longer actively managed, can serve as an easy target for attackers. If leaked or compromised, they could provide unauthorized access to sensitive data or systems. The longer these credentials remain in place without rotation or monitoring, the greater the risk of a security breach.

Datadog’s report reveals nearly half (46%) of organizations still have unmanaged users with long-lived credentials. These credentials are particularly problematic because they are often embedded in various assets such as source code, container images, and build logs. If these credentials are not properly managed, they can easily be leaked or exposed, providing an entry point for attackers to access critical systems and data.

Almost two-thirds 62% of Google Cloud service accounts, 60% of AWS Identity and Access Management (IAM) users, and 46% of Microsoft Entra ID applications have access keys that are more than a year old.

In response to these risks, cloud providers have been making strides toward improving security. Datadog’s report notes that the adoption of cloud guardrails is on the rise. These guardrails are automated rules or configurations designed to enforce security best practices and prevent human error.

For instance, 79% of Amazon S3 buckets now have either account-wide or bucket-specific public access blocks enabled, up from 73% the previous year. However, while these proactive measures are a step in the right direction, long-lived credentials remain a major blind spot in cloud security efforts.

Furthermore, the report added there is a conspicuously high number of cloud resources with overly permissive configurations.

About 18% of AWS EC2 instances and 33% of Google Cloud VMs were found to have sensitive permissions that could potentially allow an attacker to compromise the environment. In cases where a cloud workload is breached, these sensitive permissions can be exploited to steal associated credentials, enabling attackers to access the broader cloud environment.

In addition, there is the risk of third-party integrations, which are common in modern cloud environments. More than 10% of third-party integrations examined in the report were found to have risky cloud permissions, potentially allowing the vendor to access sensitive data or take control of the entire AWS account.

What’s more, 2% of these third-party roles do not enforce the use of External IDs, leaving them susceptible to a “confused deputy” attack, a scenario where an attacker tricks a service into using its privileges to perform unintended actions.

“The findings from the State of Cloud Security 2024 suggest it is unrealistic to expect that long-lived credentials can be securely managed,” said Andrew Krug, Head of Security Advocacy at Datadog.

“In addition to long-lived credentials being a major risk, the report found that most cloud security incidents are caused by compromised credentials. To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use,” Krug added.

https://cdn.mos.cms.futurecdn.net/UpZ4RY9bVuxJmQZZW8iraj-1200-80.jpg

Source link
udinmwenefosa@gmail.com (Efosa Udinmwen)

I saw wireless earbuds that are also air purifiers, and they claim to be a maskless mask

Why a dehumidifier is your secret weapon for a cosy home with lower heating bills this winter

The Samsung Galaxy S25 Ultra may quietly ditch this excellent S Pen feature

Man City vs Salford City live stream: watch FA Cup online free

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

AWS, Azure and Google Cloud credentials from old accounts are putting businesses at risk

I saw wireless earbuds that are also air purifiers, and they claim to be a maskless mask

Why a dehumidifier is your secret weapon for a cosy home with lower heating bills this winter

The Samsung Galaxy S25 Ultra may quietly ditch this excellent S Pen feature

Man City vs Salford City live stream: watch FA Cup online free

Leave a reply Cancel reply