Cloud customers still making basic security mistakes

By Dylan Bushell-Embling
Monday, 29 July, 2019

Palo Alto Networks' threat intelligence team Unit 42 has uncovered millions of vulnerabilities in cloud instances across the major cloud service providers, demonstrating that shortcomings in on-premises patching habits are carrying over to the cloud.

The team's latest Cloud Threat Risk Report found more than 34 million vulnerabilities originating from the applications cloud customers are deploying to cloud service provider infrastructure.

Unit 42's scans uncovered 29.1 million vulnerabilities in Amazon EC2 instances, 1.7 million in Azure Virtual Machines and 3.9 million in Google Cloud Platform Compute Engine.

This indicates that a lack of basic security expertise and customer mistakes remain the top drivers of cloud security incidents and overall cloud-related vulnerabilities, the report states.

The research likewise found more than 40,000 container systems — including nearly 51% of publicly exposed Docker containers — operating under default, insecure configurations. Many such systems allow for unauthenticated access to the data they contain.

Palo Alto estimates that 39% of organisations publicly expose Remote Desktop Protocol (RDP) port 3389 on cloud hosts. Meanwhile, an estimated 61% of organisations are using unsecured TLSv1.1 or older protocols.

Around 65% of publicly disclosed cloud security incidents are the result of such misconfigurations, with organisations with at least one remote desktop protocol service exposed to the entire internet accounting for 56%. The top outcome of a cloud security incident involves data leakage.

Meanwhile the cloud threat landscape is continuing to evolve. The report notes that cloud-based malware attacks are becoming increasingly common, but detecting and responding to these attacks has proven to be a difficult task.

Recent examples include an attack by the China-based cybercrime group Rocke, which has been targeting public clouds with cryptomining attacks. An estimated 28% of enterprise cloud users are communicating with known malicious cryptomining command and control domains, Unit 42 said.

To bolster cloud security, Unit 42 recommends that enterprises ensure their security teams can access a real-time view of their cloud environments across virtual machines, containers and serverless applications.

Security should also be integrated into DevOps workflows, and enterprises should harden their cloud applications and workloads while maintaining runtime protection.


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd