SECURITY
SECURITY
SECURITY
Report finds 34M vulnerabilities across AWS, Google Cloud and Azure
A new report from Unit 42, the threat intelligence team at Palo Alto Networks Inc. has uncovered 34 million vulnerabilities across leading cloud service providers, highlighting that organizations are struggling with securing cloud installations.
Released today, the Cloudy with a Chance of Entropy report analyzed data from January 2018 to June 2019 to uncover the extent of cloud-based threats. Notably, the threats are not the result of cloud providers themselves but the applications customers deploy on cloud infrastructure.
Vulnerabilities on Amazon Web Services Inc.’s Elastic Compute Cloud led the pack with more than 29 million vulnerabilities discovered. Just under 4 million vulnerabilities were found on Google Compute Engine and 1.7 million on Microsoft Corp.’s Azure Virtual Machine.
The vulnerabilities were in the most part avoidable, with outdated Apache servers and vulnerably jQuery packages leading the pack.
The growing popularity of containers also added to the list of cloud security issues. Unit 42 found more than 40,000 container platforms using default configurations exposed to the internet — more than 23,000 Docker containers and slightly more than 20,000 Kubernetes containers.
Hackers are well aware of the situation as well, according to the report. Some 65% of all cloud-related incidents between February 2018 and June 2019 resulted from misconfiguration, the researchers said, with data leakage the No. 1 outcome of the attacks on cloud infrastructure.
One surprising finding in the report was the widespread detection of possible cryptomining malware. The spread of cryptomining malware has been documented in various reports in the past, but the report found 28% of organizations communicating with domains were operated by the Rocke threat group, a Chinese group known for its cryptomining operations.
That doesn’t necessarily mean all 28% were being used for cryptomining, since the Rocke group undertakes various criminal activities including hacking and ransomware. But it’s certainly indicative of a widespread level of infection.
“Security teams must ensure that the golden template used by AWS, GCP, Docker or Kubernetes to deploy production systems is configured to use the latest security patches and versions as directed by the application vendor,” the report concluded. “This will ensure organizations are performing their due diligence in maintaining secure environments and raising the overall security hygiene of their cloud infrastructure.”
Image: Blue Coat Photos/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
