34 Million Vulnerabilities in AWS, Google Cloud, and Azure Caused by Applications Customers Deploy to the Cloud
A new report from Unit 42, the threat intelligence team at Palo Alto Networks Inc, covering the period from January 2018 to June 2019, found 34 million vulnerabilities across the leading cloud service providers: more than 29 million in Amazon Web Services Inc's Elastic Compute Cloud (EC2), approximately 4 million in Google Compute Engine, and 1.7 million in Microsoft Corp's Azure Virtual Machines.
According to the researchers, the vulnerabilities did not originate with the cloud providers themselves but with the applications customers deploy on them. Outdated Apache servers and vulnerable jQuery packages were the main sources.
The growing use of containers is another factor. Unit 42 found more than 40,000 containers running with default configurations and exposed to the Internet (about 23,000 Docker and 20,000 Kubernetes).
“Research reveals more than 40,000 container systems operate under default configurations. This represents nearly 51% of all publicly exposed Docker containers. Many of the systems identified allowed for unauthenticated access to the data they contained. Palo Alto Networks recommends at least placing every container with sensitive data behind a properly configured security policy or an external-facing firewall that prevents access from the internet,” the Palo Alto Networks researchers write.
Attackers are aware of this. According to the report, about 65% of all cloud-related incidents between February 2018 and June 2019 were the result of misconfiguration. The report states:
“Organizations that had at least one Remote Desktop Protocol (RDP) service exposed to the entire internet amounted to 56%, despite the fact that all major cloud providers natively give consumers the ability to restrict inbound traffic”.
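Both findings above, containers left open to the internet and RDP reachable from anywhere, come down to inbound rules that can be checked mechanically. The following Python script is an added example, not code from the Unit 42 report or Palo Alto Networks: it reads security-group rules in the shape the AWS CLI's `describe-security-groups` command returns (the `IpPermissions` list) and flags any rule that lets `0.0.0.0/0` or `::/0` reach RDP or the Docker and Kubernetes control-plane ports. The group IDs and rules are constructed for illustration, and the port-to-service mapping is the example's own assumption.

```python
"""Flag cloud firewall rules that expose management ports to the whole internet.

Added example, not from the Unit 42 report. Input is a list of security groups
in the shape returned by `aws ec2 describe-security-groups` (SecurityGroups[]).
"""
import ipaddress
import json

# Management ports worth checking: RDP (the report's finding) plus the ports
# Docker and Kubernetes listen on. The mapping is this example's assumption.
MANAGEMENT_PORTS = {
    3389: "RDP",
    2375: "Docker daemon (plaintext)",
    2376: "Docker daemon (TLS)",
    6443: "Kubernetes API server",
    10250: "kubelet API",
}

ANY_IPV4 = ipaddress.ip_network("0.0.0.0/0")
ANY_IPV6 = ipaddress.ip_network("::/0")


def is_world_open(cidr: str) -> bool:
    """True if the CIDR admits every source address (IPv4 or IPv6)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net in (ANY_IPV4, ANY_IPV6)


def ports_in_rule(perm: dict):
    """Yield the management ports covered by one IpPermissions entry."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic": every management port is reachable
        yield from MANAGEMENT_PORTS
        return
    if proto not in ("tcp", "6"):  # RDP/Docker/Kubernetes are all TCP
        return
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return
    for port in MANAGEMENT_PORTS:
        if lo <= port <= hi:
            yield port


def find_exposed(security_groups):
    """Return (group_id, port, service, cidr) for each world-open management port."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if not is_world_open(cidr):
                    continue
                for port in ports_in_rule(perm):
                    findings.append((sg["GroupId"], port, MANAGEMENT_PORTS[port], cidr))
    return findings


# Constructed sample: two misconfigured groups and one that restricts RDP to
# a single documentation-range network.
SAMPLE_GROUPS = json.loads("""
[
  {"GroupId": "sg-rdp-open", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-docker-open", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 2375, "ToPort": 2376,
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-rdp-restricted", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
      "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]}
]
""")

if __name__ == "__main__":
    for group, port, service, cidr in find_exposed(SAMPLE_GROUPS):
        print(f"{group}: {service} (tcp/{port}) open to {cidr}")
```

Running it on the sample reports the open RDP group and both Docker ports of the second group, and stays silent on the group whose RDP rule is limited to one /24. To run it against a real account, replace `SAMPLE_GROUPS` with the `SecurityGroups` array from `aws ec2 describe-security-groups --output json`; an `IpProtocol` of `-1` is treated as exposing every listed port, since such a rule allows all traffic.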
A surprising finding of the report was the widespread detection of possible cryptomining malware: 28% of organizations were communicating with domains operated by Rocke, a Chinese cryptomining threat group. Rocke also engages in other criminal activity, including hacking and ransomware, so not all of that 28% is necessarily cryptomining infections, but it does indicate a widespread level of compromise.
“Security teams must ensure that the golden template used by AWS, GCP, Docker or Kubernetes to deploy production systems is configured to use the latest security patches and versions as directed by the application vendor,” the report concluded. “This will ensure organizations are performing their due diligence in maintaining secure environments and raising the overall security hygiene of their cloud infrastructure.”