
Keeping up with cloud security


paulbates


This is not an anti-cloud post, more about keeping security in mind when using it. 

https://siliconangle.com/2019/07/24/report-finds-34m-vulnerabilities-across-aws-google-cloud-azure/

Report finds 34M vulnerabilities across AWS, Google Cloud and Azure

BY DUNCAN RILEY

A new report from Unit 42, the threat intelligence team at Palo Alto Networks Inc. has uncovered 34 million vulnerabilities across leading cloud service providers, highlighting that organizations are struggling with securing cloud installations.

Released today, the Cloudy with a Chance of Entropy report analyzed data from January 2018 to June 2019 to uncover the extent of cloud-based threats. Notably, the threats are not the result of cloud providers themselves but the applications customers deploy on cloud infrastructure.

Vulnerabilities on Amazon Web Services Inc.’s Elastic Compute Cloud led the pack with more than 29 million vulnerabilities discovered. Just under 4 million vulnerabilities were found on Google Compute Engine and 1.7 million on Microsoft Corp.’s Azure Virtual Machine.

The vulnerabilities were for the most part avoidable, with outdated Apache servers and vulnerable jQuery packages leading the pack.

The growing popularity of containers also added to the list of cloud security issues. Unit 42 found more than 40,000 container platforms using default configurations exposed to the internet — more than 23,000 Docker containers and slightly more than 20,000 Kubernetes containers.

Hackers are well aware of the situation as well, according to the report. Some 65% of all cloud-related incidents between February 2018 and June 2019 resulted from misconfiguration, the researchers said, with data leakage the No. 1 outcome of the attacks on cloud infrastructure.

One surprising finding in the report was the widespread detection of possible cryptomining malware. The spread of cryptomining malware has been documented in various reports in the past, but the report found 28% of organizations communicating with domains were operated by the Rocke threat group, a Chinese group known for its cryptomining operations.

That doesn’t necessarily mean all 28% were being used for cryptomining, since the Rocke group undertakes various criminal activities including hacking and ransomware. But it’s certainly indicative of a widespread level of infection.

“Security teams must ensure that the golden template used by AWS, GCP, Docker or Kubernetes to deploy production systems is configured to use the latest security patches and versions as directed by the application vendor,” the report concluded. “This will ensure organizations are performing their due diligence in maintaining secure environments and raising the overall security hygiene of their cloud infrastructure.”


It’s amazing how many people I have spoken to that are not aware of the shared responsibility security model that the various cloud providers implement. Many seem to think that Amazon/Microsoft/Google etc just keep things secure for you...

The cloud provider is responsible for the security OF the cloud. The customer is responsible for being secure IN the cloud.

Containers present their own special challenges. As the article states, patching is the biggest gap. It’s not uncommon to find highly elastic Docker environments where the base image has not been patched since the solution was implemented.

