
Unit 42: Organizations struggle to secure public cloud platforms

Unit 42, cybersecurity firm Palo Alto Networks' threat intelligence team, recently released its latest "Cloud Threat Report," which shows that organizations continue to struggle with securing public cloud platforms. The report highlights key insights on cloud threats based on intelligence gathered from multiple data sources between January 2018 and late June 2019.

Researchers found that shortcomings in on-premises patching habits are being carried over to the cloud. The report also reveals more than 34 million vulnerabilities across the various cloud service providers (CSPs). These vulnerabilities originate not in the providers' platforms but in the applications customers deploy onto CSP infrastructure, such as outdated Apache servers and vulnerable jQuery packages.

Unit 42 identified 29,128,902 vulnerabilities in Amazon Elastic Compute Cloud (EC2), 1,715,855 in Azure Virtual Machines, and 3,971,632 in GCP Compute Engine.

Patching is a struggle, as many standalone vulnerability management tools lack cloud context and remain scattered across multiple consoles. The group said organizations need to consolidate tools in order to create a cloud-centric view.

Default and unsecured container configurations are rampant. Unit 42 research reveals more than 40,000 container systems operate under default configurations. This represents nearly 51% of all publicly exposed Docker containers. Many of the systems identified allowed for unauthenticated access to the data they contained. The group recommends at least placing every container with sensitive data behind a properly configured security policy or an external-facing firewall that prevents access from the internet.

Cloud complexity is yielding low-hanging fruit for attackers. Of the publicly disclosed cloud security incidents examined, 65% were the result of misconfigurations. 56% of organizations had at least one Remote Desktop Protocol (RDP) service exposed to the entire internet, despite the fact that all major cloud providers natively give customers the ability to restrict inbound traffic. This represents an opportunity to consolidate cloud-based network controls with well-established on-premises management systems.
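The two findings above (containers reachable from the internet, and RDP open to the world even though every provider offers inbound filtering) are both caught by the same control: audit each security group for rules that allow 0.0.0.0/0 or ::/0 on a sensitive port, then narrow those rules to a trusted range. The following is an added example written for this page, not code from the Unit 42 report. The sample security groups are constructed in the shape returned by AWS `ec2 describe-security-groups` (IpPermissions with IpProtocol, FromPort, ToPort, IpRanges and Ipv6Ranges); the trusted CIDRs and the list of ports beyond RDP's 3389 are assumptions chosen for illustration.

```python
"""Audit cloud security-group rules for internet-exposed sensitive ports.

Added example; not part of the Unit 42 report. Input follows the AWS
describe-security-groups shape. SENSITIVE_PORTS beyond 3389 and the
trusted ranges used in the demo are assumptions for illustration.
"""
import copy
import ipaddress

# 3389/RDP is the service the report singles out. The remaining entries are an
# added assumption: 2375 is the Docker daemon's plaintext TCP API, which carries
# no authentication, and 2376 is its TLS variant.
SENSITIVE_PORTS = {
    22: "SSH",
    2375: "Docker API (plaintext, unauthenticated)",
    2376: "Docker API (TLS)",
    3389: "RDP",
}


def cidr_is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. a /0 that admits the whole internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def sensitive_ports_in_rule(perm: dict) -> set:
    """Sensitive ports a single IpPermissions entry admits.

    IpProtocol "-1" is AWS shorthand for all traffic on all ports; such rules
    carry no FromPort/ToPort, so they match every sensitive port.
    """
    proto = str(perm.get("IpProtocol", ""))
    if proto == "-1":
        return set(SENSITIVE_PORTS)
    if proto not in ("tcp", "6"):          # the listed services are all TCP
        return set()
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return set()
    return {p for p in SENSITIVE_PORTS if lo <= p <= hi}


def world_open_cidrs(perm: dict) -> list:
    """All IPv4/IPv6 source ranges on a rule that cover the entire internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if cidr_is_world_open(c)]


def find_exposures(security_groups: list) -> list:
    """One finding per (group, sensitive port) reachable from the whole internet."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            open_cidrs = world_open_cidrs(perm)
            if not open_cidrs:
                continue
            for port in sorted(sensitive_ports_in_rule(perm)):
                findings.append({"group": sg["GroupId"], "port": port,
                                 "service": SENSITIVE_PORTS[port],
                                 "cidrs": open_cidrs})
    return findings


def restrict_to_trusted(security_groups: list, trusted_v4: str, trusted_v6: str) -> list:
    """Return a hardened copy: world-open ranges on sensitive rules are replaced
    by a trusted admin range. Rules for non-sensitive ports (e.g. 443) are kept."""
    hardened = copy.deepcopy(security_groups)
    for sg in hardened:
        for perm in sg.get("IpPermissions", []):
            if not sensitive_ports_in_rule(perm):
                continue
            for r in perm.get("IpRanges", []):
                if cidr_is_world_open(r["CidrIp"]):
                    r["CidrIp"] = trusted_v4
            for r in perm.get("Ipv6Ranges", []):
                if cidr_is_world_open(r["CidrIpv6"]):
                    r["CidrIpv6"] = trusted_v6
    return hardened


# Constructed sample input (not real account data).
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [                 # public HTTPS: fine
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-bastion", "IpPermissions": [             # RDP to the world
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-app", "IpPermissions": [                 # RDP from RFC1918 only
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-docker", "IpPermissions": [              # everything, over IPv6
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-range", "IpPermissions": [               # wide range hides 2375/2376
        {"IpProtocol": "tcp", "FromPort": 2000, "ToPort": 3000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for f in find_exposures(SAMPLE_SECURITY_GROUPS):
        print(f"{f['group']}: {f['service']} ({f['port']}) open to {', '.join(f['cidrs'])}")
    print("after hardening:",
          find_exposures(restrict_to_trusted(SAMPLE_SECURITY_GROUPS,
                                             "203.0.113.0/24", "2001:db8::/32")))
```

Two details matter in practice: an all-traffic rule (IpProtocol "-1") has no port fields and must be treated as matching every port, and a broad port range such as 2000-3000 silently includes the Docker API ports, so the check has to test containment rather than equality. Running the audit over the live output of describe-security-groups, rather than the constructed sample, is a matter of feeding it the `SecurityGroups` list from that response.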

Malware has extended its reach to the cloud. Unit 42 found 28% of organizations communicating with malicious cryptomining command-and-control (C2) domains operated by the threat group Rocke. Unit 42 said it has been closely tracking the group and has noted its unique tactics, techniques and procedures (TTPs), which include the ability to disable and uninstall agent-based cloud security tools. Timely and consistent patching schedules for cloud-based systems are an expedient way to slow similar malware threats.
