The Palo Alto Networks threat intelligence team, Unit 42, recently released its Cloud Threat Risk Report, which highlights key insights from public cloud incidents spanning the first half of 2019.
The report reveals that a lack of basic security expertise and customer mistakes continue to be the biggest driver of cloud security incidents and overall cloud-related vulnerabilities – and this problem will only get worse as cloud adoption grows and these environments become increasingly complex.
Key findings include:
- Poor patching habits are creating vulnerabilities: Unit 42 identified more than 34 million vulnerabilities across AWS, Azure and GCP, underscoring the need to prioritize patching.
  - 29,128,902 vulnerabilities in AWS EC2
  - 1,715,855 vulnerabilities in Azure Virtual Machine
  - 3,971,632 vulnerabilities in GCP Compute Engine
- Data exposure rising with container adoption: Unit 42 discovered more than 40,000 container platforms using default configurations exposed to the internet, allowing for identification using the simplest of search terms.
  - 23,354 Docker containers
  - 20,353 Kubernetes containers
- Cloud complexity yielding low-hanging fruit for attackers: Over the last 18 months, 65% of reported incidents were due to misconfigurations, making data leakage the No. 1 outcome of attacks on cloud infrastructure.
- Malware extending its reach to the cloud: Unit 42 found 28% of organizations communicating with malicious cryptomining C2 domains operated by the threat group Rocke. Unit 42 has been closely tracking the group and noted its unique tactics, techniques and procedures (TTPs), which give it the ability to disable and uninstall agent-based cloud security tools.