Palo Alto Networks has released research showing how vulnerabilities in the development of cloud infrastructure are creating significant security risks.
In its Cloud Threat Report for Spring 2020, Unit 42, the global threat intelligence team at Palo Alto Networks, investigates why cloud misconfigurations happen so frequently. It finds that as organizations move to automate more of their cloud infrastructure build processes, they are adopting and creating new infrastructure as code (IaC) templates. Without the help of the right security tools and processes, these infrastructure building blocks are being crafted with rampant vulnerabilities.
Unit 42 researchers found more than 199,000 insecure templates in use, and identified high- and medium-severity vulnerabilities throughout their investigation. Previous research by Unit 42 shows 65% of cloud incidents were due to simple misconfigurations. These new report findings shed light on why cloud misconfigurations are so common.
Among other findings, 43% of cloud databases are not encrypted. Keeping data encrypted not only prevents attackers from reading stored information, it is also a requirement of compliance standards such as HIPAA. In addition, 60% of cloud storage services have logging disabled. Storage logging is critical when attempting to determine the scale of the damage in cloud incidents.
Cybercrime groups are using the cloud for cryptojacking. Adversary groups likely associated with China, including Rocke, 8220 Mining Group and Pacha, are stealing cloud resources and mining for Monero, likely through public mining pools or their own pools.