Nearly half (46%) of organizations have unmanaged users with long-lived credentials in cloud services, placing them at high risk of data breaches, according to Datadog's State of Cloud Security 2024 report.
Long-lived credentials are authentication tokens or keys in the cloud that remain valid for a long time or never expire. They are a major cause of cloud breaches, since attackers have a long window in which to compromise them.
They can also enable attackers to achieve persistent access, with the same access and privileges as the original owner.
The new Datadog report found that long-lived credentials are widespread across all major cloud service providers, including Google Cloud, Amazon Web Services (AWS) and Microsoft Entra.
Many of these credentials are also outdated or even unused: 60% of Google Cloud service accounts, 60% of AWS Identity and Access Management (IAM) users and 46% of Microsoft Entra ID applications have an access key older than one year.
Commenting on the findings, Andrew Krug, Head of Security Advocacy at Datadog, warned that it is unrealistic for organizations to expect that long-lived credentials can be securely managed, and that businesses need a strategy to mitigate these risks.
"In addition to long-lived credentials being a major risk, the report found that most cloud security incidents are caused by compromised credentials. To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use," he commented.
Risky Cloud Permissions Prevalent
The report also found that 18% of AWS EC2 instances and 33% of Google Cloud VMs have sensitive permissions to a project. These permissions put organizations at higher risk of damaging breaches because they allow any attacker who compromises the workload to steal associated credentials and access the cloud environment.
Additionally, 10% of third-party integrations have risky cloud permissions, allowing the vendor to access all data in the account or to take over the entire account.
The research also identified that 2% of third-party integration roles do not enforce the use of External IDs, which allows an attacker to compromise them through a "confused deputy" attack. This is where an entity that does not have permission to perform an action coerces a more-privileged entity into performing it on its behalf.
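The External ID control mentioned above is a condition on the role's trust policy. The following is an added example (not from the Datadog report or any vendor tooling) that audits a trust policy for cross-account sts:AssumeRole statements lacking an sts:ExternalId condition; the account IDs and the External ID value are placeholders.

```python
import json

# Constructed trust policy: lets the vendor account assume the role with no ExternalId.
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VendorAccess",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},  # placeholder vendor account
        "Action": "sts:AssumeRole",
    }],
})

# Hardened form: the vendor must also present the External ID agreed with this account.
HARDENED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VendorAccess",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "EXTERNAL-ID-PLACEHOLDER"}},
    }],
})

OWN_ACCOUNT_ID = "999999999999"  # placeholder for the account being audited


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def statements_missing_external_id(policy_json, own_account_id):
    """Return the Sids (or indexes) of Allow statements that grant sts:AssumeRole to a
    principal outside own_account_id without any sts:ExternalId condition."""
    findings = []
    for idx, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws_principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        # An ARN's account ID is the fifth colon-separated field; "*" counts as foreign.
        foreign = [p for p in aws_principals
                   if p == "*" or p.split(":")[4] != own_account_id]
        conditions = stmt.get("Condition", {})
        has_external_id = any("sts:externalid" in {k.lower() for k in keys}
                              for keys in conditions.values())
        if foreign and not has_external_id:
            findings.append(stmt.get("Sid", str(idx)))
    return findings
```

Run the function over each role's trust policy (for example, from an IAM credential or config export) to list the cross-account roles that still need an External ID.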
Encouragingly, Datadog found that the adoption of cloud guardrails has increased over the past year. For example, 79% of S3 buckets are covered by an account-wide or bucket-specific S3 Public Access Block, up from 73% in 2023.
This trend is due to cloud providers starting to enable guardrails by default, the vendor said.