More than 40,000 cloud container platforms are running default, unsecured, out-of-the-box configurations that allow them to be identified with simple search terms such as “Docker” and “Kubernetes,” the platforms’ own names, according to a recent report from Palo Alto Networks’ threat intelligence team, Unit 42.
While the figure reflects the growing popularity of containers, it also adds to a growing list of cloud security issues, as detailed in Unit 42’s Cloudy with a Chance of Entropy report. The study analyzed data from January 2018 to June 2019 to assess cloud-related security threats.
“Cloud service providers (CSPs) maintained their sterling reputation for platform security as only a very small percentage of the incidents could be directly attributed to the providers,” the report said. But platform-as-a-service and infrastructure-as-a-service customers aren’t up to par on security basics. “Although many IT and security organizations conceptually understand, our research shows there is a breakdown when putting this concept into practice,” Unit 42 said.
Public Cloud Services: 35 Million Vulnerabilities
The researchers uncovered nearly 35 million vulnerabilities across leading cloud service providers, including 29 million in Amazon Elastic Compute, 7 million in Microsoft’s Azure Virtual Machine, and 4 million in Google Compute Engine. These vulnerabilities lie in the applications customers deploy on CSP infrastructure, such as outdated Apache servers and vulnerable jQuery packages, and could be avoided, the report said.
It’s not like hackers don’t know what’s up. Common cloud misconfigurations make for an easy target. In the last year and a half, 65 percent of publicly disclosed cloud security incidents were due to misconfigurations, and 25 percent arose from account compromises, according to Unit 42’s figures.
With cloud-based malware attacks becoming more commonplace, Unit 42 has begun reporting on cyber crime groups, such as the Rocke crew, that target public clouds. The challenge in detecting these types of attacks is that security tools deployed in cloud environments often lack integrated threat intelligence feeds.
“Security teams need to understand the core requirements for securing modern applications and workloads in the cloud,” Unit 42 said.
Public Cloud Services: Security Recommendations
The researchers’ recommendations:
- Ensure your security teams can access a real-time view across virtual machines, containers, and serverless applications. Maintaining visibility into diverse compute paradigms can be a challenge, but it is critical.
- Integrate security into DevOps workflows to allow your security teams to scale their efforts in an automated way. Developers have a lot of power in the cloud, and your security needs to be able to keep up.
- Harden your applications and workloads. Although some security requirements fall to CSPs as part of the Shared Responsibility Model, your security teams are still responsible for configuration and compliance of individual workloads, containers, and functions, including platforms like Kubernetes.
- Maintain run-time protection. As your organization’s cloud footprint grows, being able to automatically model and whitelist application behavior becomes a powerful tool for securing cloud workloads against attacks and compromises.
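The report’s headline finding is that container hosts are left on default, unauthenticated configurations. As an added example that is not part of the report or Docker’s own tooling, the following check audits a Docker daemon.json for the most common version of that mistake: a TCP listener for the Docker API with no client certificate verification. The sample configurations are constructed for illustration; the keys `hosts`, `tls`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` are real daemon.json options.

```python
import json
from urllib.parse import urlparse

# Constructed sample daemon.json documents (illustrative, not taken from the report).
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
ENCRYPTED_ONLY_JSON = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

# Bind addresses that expose the listener on every interface; None covers "tcp://:2375".
ALL_INTERFACES = {"0.0.0.0", "::", None}


def audit_daemon_config(config_text):
    """Return a list of findings for a daemon.json document; empty means nothing flagged."""
    cfg = json.loads(config_text)
    findings = []
    tls_verify = cfg.get("tlsverify") is True
    tls_only = cfg.get("tls") is True and not tls_verify
    tcp_hosts = [h for h in cfg.get("hosts", []) if urlparse(h).scheme == "tcp"]

    for host in tcp_hosts:
        bound = urlparse(host).hostname
        where = "all interfaces" if bound in ALL_INTERFACES else bound
        if tls_only:
            # TLS without tlsverify encrypts the connection but accepts any client.
            findings.append(f"{host}: TLS enabled but tlsverify is off, any client is accepted ({where})")
        elif not tls_verify:
            findings.append(f"{host}: plaintext API with no client authentication ({where})")

    if tls_verify and tcp_hosts:
        # Verification only works if the daemon can find its CA and server key pair.
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(f"tlsverify is set but {key} is not configured explicitly")
    return findings


if __name__ == "__main__":
    for name, doc in [("weak", WEAK_DAEMON_JSON), ("encrypted-only", ENCRYPTED_ONLY_JSON),
                      ("hardened", HARDENED_DAEMON_JSON)]:
        print(name, audit_daemon_config(doc) or "no findings")
```

Run it against `/etc/docker/daemon.json` on each host as part of the DevOps pipeline the report recommends; a non-empty result means the API is reachable without client authentication.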