Friday, August 2, 2019

Cloudy with a Chance of Entropy

The word “cloud” has been a fixture of the industry lexicon since 2006, when Amazon Web Services (AWS) launched its Elastic Compute Cloud (EC2). The latest Cloud Threat Report from Unit 42, released today, shows that organizations still struggle to secure public cloud platforms some 13 years after the launch of EC2. The report presents key findings on cloud threats, based on intelligence collected from multiple data sources between January 2018 and late June 2019.

Among other findings, the report shows:

  • Shortcomings in on-premises patching routines are carrying over to the cloud. Unit 42 found more than 34 million vulnerabilities across various cloud service providers (CSPs). These vulnerabilities stem from the applications customers deploy on CSP infrastructure, for example outdated Apache servers and vulnerable jQuery packages. Researchers identified:

  1. 29,128,902 vulnerabilities in Amazon EC2
  2. 1,715,855 in Azure Virtual Machine
  3. 3,971,632 in GCP Compute Engine

Patching remains a struggle, as many standalone vulnerability management tools lack cloud context and stay scattered across multiple consoles. Organizations need to consolidate tools to create a cloud-centric view.

  • Default and unsecured container configurations are rampant. Unit 42 research reveals that more than 40,000 container systems operate under default configurations. This represents nearly 51% of publicly exposed Docker containers. Many of the systems identified allowed unauthenticated access to the data they contained. We advise, at a minimum, placing every container holding sensitive data behind a properly configured security policy or an external-facing firewall that blocks access from the internet.
  • Cloud complexity is yielding low-hanging fruit for attackers. Of publicly disclosed cloud security incidents, 65% were caused by misconfigurations. Organizations that had at least one Remote Desktop Protocol (RDP) service exposed to the entire internet amounted to 56%, even though all major cloud providers natively give customers the ability to restrict inbound traffic. This represents an opportunity to consolidate cloud-based network controls with well-established on-premises management systems.
  • Malware has extended its reach to the cloud. Unit 42 found 28% of organizations communicating with malicious cryptomining C2 domains run by the threat group Rocke. We have been closely tracking the group and have noted its unique tactics, techniques and procedures (TTPs), which give it the ability to disable and uninstall agent-based cloud security tools. Timely and consistent patching schedules for cloud-based systems are an expedient way to slow similar malware threats.
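Two of the findings above, RDP and unauthenticated Docker containers reachable from the whole internet, come down to inbound rules that should never have been left open. The following audit script is an added example, not code from the Unit 42 report; it walks a simplified, constructed set of security-group rules (shaped loosely after AWS security-group ingress entries) and flags any rule that exposes RDP or the Docker daemon API to 0.0.0.0/0 or ::/0. The Docker port numbers and the rule field names are assumptions for the example.

```python
# Added example (not from the Unit 42 report): audit ingress rules for the two exposures
# the report calls out, RDP and the Docker API, open to the entire internet.
# Rule shape is a simplified stand-in for AWS security-group ingress entries.
from ipaddress import ip_network

# Assumption: Docker daemon listens on TCP 2375 (plaintext) / 2376 (TLS).
RISKY_PORTS = {3389: "RDP", 2375: "Docker API (plaintext)", 2376: "Docker API (TLS)"}
ANYWHERE = {ip_network("0.0.0.0/0"), ip_network("::/0")}


def rule_covers_port(rule, port):
    """True if the rule's TCP port range includes `port`, or the rule allows all traffic."""
    if rule.get("protocol") == "-1":  # "-1" means all protocols/ports
        return True
    if rule.get("protocol") not in ("tcp", "6"):
        return False
    return rule["from_port"] <= port <= rule["to_port"]


def find_world_exposed(groups):
    """Return sorted (group_id, service, cidr) triples for risky ports open to any address."""
    findings = set()
    for group in groups:
        for rule in group["ingress"]:
            for cidr in rule["cidrs"]:
                if ip_network(cidr, strict=False) not in ANYWHERE:
                    continue  # scoped to a specific range; not a world exposure
                for port, service in RISKY_PORTS.items():
                    if rule_covers_port(rule, port):
                        findings.add((group["id"], service, cidr))
    return sorted(findings)


# Constructed sample: one group exposes RDP to the world, one limits the Docker API
# to an internal range, and one allows all traffic from every IPv6 address.
SAMPLE_GROUPS = [
    {"id": "sg-rdp-open", "ingress": [
        {"protocol": "tcp", "from_port": 3389, "to_port": 3389, "cidrs": ["0.0.0.0/0"]}]},
    {"id": "sg-docker-internal", "ingress": [
        {"protocol": "tcp", "from_port": 2375, "to_port": 2376, "cidrs": ["10.0.0.0/8"]}]},
    {"id": "sg-allow-all", "ingress": [
        {"protocol": "-1", "from_port": 0, "to_port": 65535, "cidrs": ["::/0"]}]},
]

if __name__ == "__main__":
    for group_id, service, cidr in find_world_exposed(SAMPLE_GROUPS):
        print(f"{group_id}: {service} reachable from {cidr}")
```

Against the sample data the script reports the RDP group and the allow-all group but not the internally scoped Docker group; pointing it at exported security-group data is a quick way to surface the RDP exposure the report found in 56% of organizations.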
