As both the private and public sectors continue to move to the cloud, they must ensure that cybersecurity is at the forefront of that transition. In a report released today, Palo Alto Networks found that “vulnerabilities in the development of cloud infrastructure are creating significant security risks.”
“It only takes one misconfiguration to compromise an entire cloud environment,” said Matthew Chiodi, chief security officer of public cloud for Palo Alto Networks.
In its Spring 2020 Cloud Threat Report, Palo Alto found that “as organizations move to automate more of their cloud infrastructure build processes, they are adopting and creating new infrastructure as code (IaC) templates.” However, if they don’t deploy the right security tools and processes, their infrastructure building blocks are being developed with “rampant” vulnerabilities.
The report, which is based on a combination of publicly available data from GitHub and Palo Alto’s own data, found that there were more than 199,000 insecure templates in use. The report noted that, in previous research, Palo Alto found that the majority (65 percent) of cloud incidents were due to “simple misconfigurations.” The report further explains that “without secure IaC templates from the start, cloud environments are ripe for attack.”
On top of that, nearly half (43 percent) of cloud databases lack any encryption. Palo Alto compared a lack of encryption to having a house with glass walls – anyone is able to see what is happening inside. “Keeping data encrypted prevents attackers from reading the information stored,” the report said. While encryption is simply good cyber hygiene, the report pointed out that encryption of data is also a requirement of many compliance standards, such as the Payment Card Industry Data Security Standard and the Health Insurance Portability and Accountability Act.
Given that many cybersecurity experts view attacks as an inevitability, organizations need to have tools in place to understand the scale and damage of attacks. One such tool is logging, which Palo Alto describes as “critical when attempting to determine the scale of the damage in cloud incidents.” However, 60 percent of cloud storage services have logging disabled.
The report also examined how the cloud is being attacked, noting that cybercriminals are using cryptojacking. Cryptojacking is a new form of malware that hides on a computer or smartphone to use its resources to mine cryptocurrencies. The report specifically said that groups “likely associated with China,” including Rocke, 8220 Mining Group and Pacha, are stealing cloud resources to mine the cryptocurrency Monero.