According to the Chance of Entropy report from Unit 42, the threat intelligence team at Palo Alto Networks Inc., the recent public cloud security incidents highlight that cloud security incidents and cloud security vulnerabilities in general occur from time to time. The main reason is that customers of cloud applications lack basic security expertise and introduce threats into their own cloud infrastructure. This situation will be further exacerbated as cloud usage continues to grow and environments become more complex.
The report points out that all three major public cloud platforms carry security risks to some extent, for example the many vulnerabilities caused by poor patching habits. Classifying findings by the urgency of the required patch, the Unit 42 team detected more than 34 million vulnerabilities across the AWS, Azure and Google Cloud platforms.
The adoption of container technology has increased the chances of data breaches. The team found more than 40,000 Internet-connected container platforms running with default configurations.
Using the simplest search terms, 23,354 Docker containers could be found. Of these, 6,015 Docker containers in mainland China were exposed to the Internet, ranking first among all countries and regions, followed by 4,617 in the United States, 2,119 in Germany, 1,960 in Hong Kong and 1,639 in France.
In addition, 20,353 Kubernetes containers could be found. A total of 11,425 Kubernetes containers in the United States were exposed to the Internet, ranking first among all countries and regions, followed by 2,834 in Ireland, 2,529 in Germany, 793 in Singapore and 522 in Australia.
The complexity of the cloud makes it the most vulnerable environment. In the past 18 months, 65% of the disclosed cybersecurity incidents were caused by configuration errors. Data breaches have become the leading consequence of attacks on cloud infrastructure.
Malware is beginning to target cloud platforms. Currently, 28% of organizations were found to be communicating with cryptocurrency-mining malware command-and-control (C2) infrastructure controlled by the threat group Rocke.
The team closely monitored the group and documented its tactics, techniques and procedures (TTPs), which include disabling or uninstalling agent-based cloud security tools.
Published by Emerson L. Sullivan & last updated on August 22, 2019 7:45 am