Common Vulnerabilities and Exposures (CVEs) are a top cause of cloud breaches. Organizations often fail to patch or mitigate these known vulnerabilities. Sometimes this is due to gaps in visibility into which CVEs are present in their cloud environments. Often, organizations struggle to keep up with the constant stream of vulnerabilities and to prioritize their remediation. Gaps in patching offer a foothold for targeted attacks and also enable untargeted, large-scale exploitation attempts.
The Data on Cloud CVEs

Google Cloud is the only major cloud service provider consistently publishing data on the root causes of cloud compromises. Their H1 2024 Threat Horizons Report found that 11.5% of 2023 cloud compromises involved “vulnerable software” as the initial access vector. Unit 42 published their own data on 2024 Incident Response engagements. In line with Google’s report, Unit 42 found that CVE exploitation was the single most common root cause in 2023. Large-scale exploitation of internet-facing vulnerabilities was the initial access vector in 39% of cases, compared to 28% of cases in 2022. In the prior two years, CVE exploitation had closely trailed social engineering as the second most prominent initial access vector. While this data is not limited to cloud incidents, it is still indicative of the significant role played by CVEs in cloud breaches.[1]
Link to full report: IR-25-153-002_CVEs.pdf
[1] https://www.sentinelone.com/blog/prioritizing-cves-in-the-cloud/