Unpatched vulnerabilities are the most common entry point observed by IBM researchers. ("Coding Javascript" by Christiaan Colen is licensed under CC BY-SA 2.0.)

IBM Security X-Force on Wednesday reported that amid a sixfold increase in new cloud vulnerabilities over the past six years, 26% of cloud compromises that X-Force responded to were caused by attackers exploiting unpatched vulnerabilities.

In a blog post, X-Force said the exploitation of unpatched vulnerabilities had become the most common entry point the IBM researchers observed. They also reported that in 99% of pen tests, X-Force Red compromised IBM client cloud environments through users’ excess privileges and permissions.

The researchers said this was significant because this type of access could let attackers pivot and move laterally across a victim’s environment.

Organizations today find it very challenging to patch these new cloud vulnerabilities before they are exploited by attackers, said Claude Mandy, chief evangelist, data security at Symmetry Systems. Mandy said this requires organizations to prioritize which vulnerabilities get patched first, not only find them.

“Prioritization of vulnerabilities should consider a number of factors including the severity, existence of public exploits, and accessibility of the vulnerability and the business criticality and sensitivity of the asset and data at risk,” Mandy said. “In the cloud, the complexity and scale quickly become unmanageable without use of vulnerability prioritization technology. However, even within these technologies, they are unable to map the impact of an exploited vulnerability within the broader environment, because of a lack of understanding of the data blast radius.”

John Yun, vice president, product strategy at ColorTokens, said it’s clear that organizations are struggling to address vulnerabilities in the cloud. Yun said that with the rapid pace of adoption, he’s afraid fundamental security hygiene, such as assessing vulnerabilities and applying patches, is not being followed with the same level of rigor as in on-premises environments.

“Cloud workloads with unpatched vulnerabilities are just as susceptible to exploitation as on-premises servers – possibly more so with attackers leveraging the benefits of the cloud’s anywhere access,” Yun said. “While many consider OS vulnerabilities the source of this challenge, vulnerabilities from third-party libraries relied on by many applications can pose an even bigger challenge. Regular analysis of the cloud workload for vulnerabilities and assessment in run-time is critical for organizations to identify vulnerabilities and rapidly address possible exploitation and attacks.”