Attack Surface Management , Cloud Security , Identity & Access Management

Global Cloud Migration: Security Lessons Not Being Learned

Risky Behavior: Just 5% of Security Rules Trigger 80% of All Alerts, Study Finds
Global Cloud Migration: Security Lessons Not Being Learned
Image: Shutterstock

Attackers on average have been enjoying slightly more than six days to exploit an unmitigated vulnerability before security teams resolve it, despite research continuing to demonstrate how hackers begin exploiting flaws within hours - or even minutes - of a new security alert being disclosed, researchers warned.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

That time lag between a new vulnerability coming to light and when defenders lock it down is particularly problematic in the cloud, said Palo Alto's Unit 42 threat intelligence group. In particular, Unit 42 researchers have found that threat actors are becoming more adept at exploiting not just unpatched vulnerabilities, but also more common, everyday issues such as weak credentials and lack of authentication.

Projections from Gartner estimate worldwide end-user spending on cloud computing will grow to $592 billion this year.

Even so, analysis from Unit 42 suggests important lessons about security aren't being learned, remembered and applied. According to its analysis of workloads in 210,000 cloud accounts across 1,300 organizations, three-quarters of organizations don't enforce multifactor authentication for console users. Researchers found sensitive data in 63% of publicly exposed buckets.

Another finding from the report: Just 5% of security rules trigger 80% of the alerts. "In other words, every organization has a small set of risky behaviors that are repeatedly observed in their cloud workloads," Palo Alto wrote.

Researchers attribute some of that recurrence to IT and security teams' repeat reliance on ready-to-use templates and default configurations, via which basic errors or problems can be compounded. "Most organizations repeatedly make the same mistakes, such as unrestricted firewall policies, exposed databases and unenforced MFA, all of which likely originate from an isolated number of engineers and IaC templates," the report says, referring to infrastructure as code.

Unpatched vulnerabilities can give attackers a straightforward tactic for gaining initial access to a victim organization's internal IT environment. Nearly two-thirds of the codebases in production have unpatched vulnerabilities rated as being either high or critical in severity, which can facilitate attackers remotely executing malicious code of their choosing in the environment.

"New vulnerabilities can crop up at any time, and a single vulnerability can be propagated to multitudes of cloud workloads due to software dependency," Unit 42's report says. "This underscores the fact that no matter how secure the underlying cloud infrastructure is, vulnerable applications in the cloud open up potential attack vectors."


About the Author

Anviksha More

Anviksha More

Senior Subeditor, ISMG Global News Desk

More has seven years of experience in journalism, writing and editing. She previously worked with Janes Defense and the Bangalore Mirror.

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.