Cloud customers still making basic security mistakes


By Dylan Bushell-Embling
Monday, 29 July, 2019



Palo Alto Networks' threat intelligence team Unit 42 has uncovered millions of vulnerabilities in cloud instances across the major cloud service providers, demonstrating that shortcomings in on-premises patching habits are carrying over to the cloud.

The team's latest Cloud Threat Risk Report found more than 34 million vulnerabilities originating from the applications cloud customers are deploying to cloud service provider infrastructure.

Unit 42's scans uncovered 29.1 million vulnerabilities in Amazon EC2 instances, 1.7 million in Azure Virtual Machines and 3.9 million in Google Cloud Platform Compute Engine.

This indicates that a lack of basic security expertise and customer mistakes remain the top drivers of cloud security incidents and overall cloud-related vulnerabilities, the report states.

The research likewise found more than 40,000 container systems — including nearly 51% of publicly exposed Docker containers — operating under default, insecure configurations. Many such systems allow for unauthenticated access to the data they contain.

Palo Alto estimates that 39% of organisations publicly expose Remote Desktop Protocol (RDP) port 3389 on cloud hosts. Meanwhile, an estimated 61% of organisations are using insecure TLSv1.1 or older protocols.

Around 65% of publicly disclosed cloud security incidents are the result of such misconfigurations, and organisations with at least one RDP service exposed to the entire internet account for 56%. The top outcome of a cloud security incident is data leakage.

Meanwhile, the cloud threat landscape continues to evolve. The report notes that cloud-based malware attacks are becoming increasingly common, but detecting and responding to these attacks has proven difficult.

Recent examples include an attack by the China-based cybercrime group Rocke, which has been targeting public clouds with cryptomining attacks. An estimated 28% of enterprise cloud users are communicating with known malicious cryptomining command and control domains, Unit 42 said.

To bolster cloud security, Unit 42 recommends that enterprises ensure their security teams can access a real-time view of their cloud environments across virtual machines, containers and serverless applications.

Security should also be integrated into DevOps workflows, and enterprises should harden their cloud applications and workloads while maintaining runtime protection.

  • All content Copyright © 2019 Westwick-Farrow Pty Ltd