Report finds 34M vulnerabilities across AWS, Google Cloud and Azure
A new report from Unit 42, the threat intelligence team at Palo Alto Networks Inc., has uncovered 34 million vulnerabilities across leading cloud service providers, highlighting that organizations are struggling to secure cloud installations.
Released today, the Cloudy with a Chance of Entropy report analyzed data from January 2018 to June 2019 to uncover the extent of cloud-based threats. Notably, the threats are not the result of cloud providers themselves but the applications customers deploy on cloud infrastructure.
Vulnerabilities on Amazon Web Services Inc.’s Elastic Compute Cloud led the pack with more than 29 million vulnerabilities discovered. Just under 4 million vulnerabilities were found on Google Compute Engine and 1.7 million on Microsoft Corp.’s Azure Virtual Machine.
The vulnerabilities were for the most part avoidable, with outdated Apache servers and vulnerable jQuery packages leading the pack.
The growing popularity of containers also added to the list of cloud security issues. Unit 42 found more than 40,000 container platforms using default configurations exposed to the internet — more than 23,000 Docker containers and slightly more than 20,000 Kubernetes containers.
Hackers are well aware of the situation as well, according to the report. Some 65% of all cloud-related incidents between February 2018 and June 2019 resulted from misconfiguration, the researchers said, with data leakage the No. 1 outcome of the attacks on cloud infrastructure.
One surprising finding in the report was the widespread detection of possible cryptomining malware. The spread of cryptomining malware has been documented in various reports in the past, but the report found 28% of organizations communicating with domains operated by the Rocke threat group, a Chinese group known for its cryptomining operations.
That doesn’t necessarily mean all 28% were being used for cryptomining, since the Rocke group undertakes various criminal activities including hacking and ransomware. But it’s certainly indicative of a widespread level of infection.
“Security teams must ensure that the golden template used by AWS, GCP, Docker or Kubernetes to deploy production systems is configured to use the latest security patches and versions as directed by the application vendor,” the report concluded. “This will ensure organizations are performing their due diligence in maintaining secure environments and raising the overall security hygiene of their cloud infrastructure.”
Image: Blue Coat Photos/Flickr