Report finds 34M vulnerabilities across AWS, Google Cloud and Azure
A new report from Unit 42, the threat intelligence team at Palo Alto Networks Inc., has uncovered 34 million vulnerabilities across leading cloud service providers, highlighting that organizations are struggling to secure cloud installations.
Released today, the "Cloudy with a Chance of Entropy" report analyzed data from January 2018 to June 2019 to uncover the extent of cloud-based threats. Notably, the threats are not the result of the cloud providers themselves but of the applications customers deploy on cloud infrastructure.
Vulnerabilities on Amazon Web Services Inc.’s Elastic Compute Cloud led the pack with more than 29 million vulnerabilities discovered. Just under 4 million vulnerabilities were found on Google Compute Engine and 1.7 million on Microsoft Corp.’s Azure Virtual Machine.
The vulnerabilities were for the most part avoidable, with outdated Apache servers and vulnerable jQuery packages leading the pack.
The growing popularity of containers also added to the list of cloud security issues. Unit 42 found more than 40,000 container platforms using default configurations exposed to the internet — more than 23,000 Docker containers and slightly more than 20,000 Kubernetes containers.
Hackers are well aware of the situation too, according to the report. Some 65% of all cloud-related incidents between February 2018 and June 2019 resulted from misconfiguration, the researchers said, with data leakage the No. 1 outcome of the attacks on cloud infrastructure.
One surprising finding in the report was the widespread detection of possible cryptomining malware. The spread of cryptomining malware has been documented in various reports in the past, but the report found 28% of organizations communicating with domains operated by the Rocke threat group, a Chinese group known for its cryptomining operations.
That doesn’t necessarily mean all 28% were being used for cryptomining, since the Rocke group undertakes various criminal activities including hacking and ransomware. But it’s certainly indicative of a widespread level of infection.
“Security teams must ensure that the golden template used by AWS, GCP, Docker or Kubernetes to deploy production systems is configured to use the latest security patches and versions as directed by the application vendor,” the report concluded. “This will ensure organizations are performing their due diligence in maintaining secure environments and raising the overall security hygiene of their cloud infrastructure.”