Vulnerabilities in the development of cloud infrastructure are creating significant security risks, concludes the Unit 42 Cloud Threat Report: Spring 2020 from Palo Alto Networks.
As organisations move to automate more of their cloud infrastructure build processes, they are adopting and creating new infrastructure as code (IaC) templates. Without the help of the right security tools and processes, these infrastructure building blocks are being crafted with rampant vulnerabilities, says the report.
- 199,000+ insecure templates in use: Previous research by Unit 42 shows 65 percent of cloud incidents were due to simple misconfigurations. The new report found high- and medium-severity vulnerabilities throughout its investigation and looked at why cloud misconfigurations are so common.
- 43 percent of cloud databases not encrypted: Keeping data encrypted not only prevents attackers from reading stored information, it is a requirement of various compliance standards.
- 60 percent of cloud storage services have logging disabled: Storage logging is critical when attempting to determine the scale of the damage in cloud incidents.
- Cybercrime groups are using the cloud for cryptojacking: Adversary groups likely associated with China, including Rocke, 8220 Mining Group and Pacha, are stealing cloud resources. They are mining for Monero, likely through public mining pools or their own pools.
Matthew Chiodi, chief security officer of public cloud for Palo Alto Networks, notes: “It only takes one misconfiguration to compromise an entire cloud environment. We found 199,000 of them. The good news is infrastructure as code can offer security teams many benefits, such as enabling security to be injected early into the software development process and embedding it into the very building blocks of an organisation’s cloud infrastructure.”