Best of 2019: Cloud customers still making basic security mistakes
Palo Alto Networks' threat intelligence team Unit 42 has uncovered millions of vulnerabilities in cloud instances across the major cloud service providers, demonstrating that shortcomings in on-premises patching habits are carrying over to the cloud.
The team's latest Cloud Threat Risk Report found more than 34 million vulnerabilities originating from the applications cloud customers are deploying to cloud service provider infrastructure.
Unit 42's scans uncovered 29.1 million vulnerabilities in Amazon EC2 instances, 1.7 million in Azure Virtual Machine and 3.9 million in the Google Cloud Platform Compute Engine.
This indicates that a lack of basic security expertise and customer mistakes remain the top drivers of cloud security incidents and of cloud-related vulnerabilities overall, the report states.
The research likewise found more than 40,000 container systems — including nearly 51% of publicly exposed Docker containers — operating under default, insecure configurations. Many such systems allow for unauthenticated access to the data they contain.
Palo Alto estimates that 39% of organisations publicly expose remote desktop protocol port 3389 on cloud hosts. An estimated 61% of organisations are meanwhile using unsecured TLSv1.1 or older protocols.
Around 65% of publicly disclosed cloud security incidents are the result of such misconfigurations; organisations with at least one remote desktop protocol service exposed to the entire internet account for 56%. The most common outcome of a cloud security incident is data leakage.
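The two misconfigurations the report quantifies, RDP reachable from the whole internet and TLS versions older than 1.2, are the kind of thing a security team can check mechanically against a firewall-rule export. The following is an added example written for this article, not code from Unit 42 or Palo Alto Networks; the rule and listener records are a constructed, simplified stand-in for a provider's security-group and load-balancer exports, and the field names (`group`, `proto`, `from`, `to`, `cidr`) are assumptions of this example.

```python
"""Audit simplified firewall rules and TLS listener policies for the two
misconfigurations the report calls out: RDP (TCP/3389) exposed to the whole
internet, and TLS versions below 1.2.

Example code written for this article; the record format is a constructed
simplification, not a real provider export."""
import ipaddress

RDP_PORT = 3389
MIN_TLS = (1, 2)  # TLS 1.2 is the floor; TLSv1.0 and TLSv1.1 are flagged

# Constructed sample security-group rules (not real data).
# proto "-1" mirrors the common "all protocols" convention.
SAMPLE_RULES = [
    {"group": "sg-web", "proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    {"group": "sg-bastion", "proto": "tcp", "from": 3389, "to": 3389, "cidr": "0.0.0.0/0"},
    {"group": "sg-admin", "proto": "tcp", "from": 3389, "to": 3389, "cidr": "10.0.0.0/8"},
    {"group": "sg-any", "proto": "-1", "from": 0, "to": 65535, "cidr": "::/0"},
]

# Constructed sample: listener name -> minimum TLS version it negotiates.
SAMPLE_LISTENERS = {
    "lb-public": "TLSv1",
    "lb-api": "TLSv1.2",
    "lb-legacy": "TLSv1.1",
}


def is_world_reachable(cidr):
    """True when the source range is the entire IPv4 or IPv6 internet."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == 0


def rule_exposes_rdp(rule):
    """True when the rule admits TCP/3389 (explicitly or via 'all') from anywhere."""
    covers_port = rule["proto"] in ("tcp", "-1") and rule["from"] <= RDP_PORT <= rule["to"]
    return covers_port and is_world_reachable(rule["cidr"])


def find_exposed_rdp(rules):
    """Sorted, de-duplicated list of groups that expose RDP to the internet."""
    return sorted({r["group"] for r in rules if rule_exposes_rdp(r)})


def parse_tls_version(label):
    """'TLSv1.1' -> (1, 1); a bare 'TLSv1' is TLS 1.0 -> (1, 0)."""
    parts = label.upper().replace("TLSV", "").split(".")
    major = int(parts[0])
    minor = int(parts[1]) if len(parts) > 1 else 0
    return (major, minor)


def weak_tls_listeners(listeners):
    """Sorted list of listeners whose minimum TLS version is below MIN_TLS."""
    return sorted(name for name, ver in listeners.items() if parse_tls_version(ver) < MIN_TLS)


def audit(rules, listeners):
    """Combine both checks into one findings record."""
    return {
        "rdp_exposed_groups": find_exposed_rdp(rules),
        "weak_tls_listeners": weak_tls_listeners(listeners),
    }


if __name__ == "__main__":
    for key, items in audit(SAMPLE_RULES, SAMPLE_LISTENERS).items():
        print(f"{key}: {', '.join(items) or 'none'}")
```

Note that the port check treats a protocol value of "-1" (all protocols) as covering TCP, so a catch-all rule from `::/0` is reported alongside the explicit port-3389 rule; a rule that only opens 3389 to an internal range such as 10.0.0.0/8 is not reported, since the report's figure concerns exposure to the entire internet.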
Meanwhile the cloud threat landscape is continuing to evolve. The report notes that cloud-based malware attacks are becoming increasingly common, but detecting and responding to these attacks has proven to be a difficult task.
Recent examples include an attack by the China-based cybercrime group Rocke, which has been targeting public clouds with cryptomining attacks. An estimated 28% of enterprise cloud users are communicating with known malicious cryptomining command and control domains, Unit 42 said.
To bolster cloud security, Unit 42 recommends that enterprises ensure their security teams can access a real-time view of their cloud environments across virtual machines, containers and serverless applications.
Security should also be integrated into DevOps workflows, and enterprises should harden their cloud applications and workloads while maintaining runtime protection.
This article was first published on 29 July, 2019.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.