
Security researchers at Unit 42 claim to have found more than 34 million vulnerabilities across various cloud service providers. The vulnerabilities are in Amazon Web Services (AWS), Azure and the Google Cloud Platform (GCP).

The vulnerabilities are described in Unit 42’s Cloud Threat Risk Report, covering the first half of 2019. Unit 42 is the intelligence team of Palo Alto Networks. In total, the researchers found 29,128,902 vulnerabilities in Amazon EC2, 1,715,855 vulnerabilities in Azure Virtual Machine and another 3,971,632 vulnerabilities in GCP Compute Engine. The vulnerabilities come from the applications that customers deploy on the infrastructure of cloud service providers. These include outdated Apache servers and vulnerable jQuery packages.

According to the researchers, patching is difficult because many standalone vulnerability management tools lack cloud context and remain scattered across multiple consoles. Unit 42 advises organizations to use tools that provide a cloud-centric view.

Default configurations

In addition to the many vulnerabilities in cloud services, Unit 42 also discovered more than 40,000 container platforms running with default configurations. That’s almost 51 percent of all publicly exposed Docker containers.

Many of these systems allow unauthenticated access to the data they contain. The security researchers therefore recommend placing every container that holds sensitive data behind a properly configured security policy or an external firewall, so that it cannot be reached from the Internet.

In addition, 65 percent of published cloud security incidents appear to be the result of incorrect configurations. Furthermore, 56 percent of organizations were found to have at least one Remote Desktop Protocol service exposed to the Internet, even though cloud services offer the option of restricting incoming traffic.

Malware moves to the cloud

Finally, malware also appears to be expanding its reach to the cloud. According to the study, 28 percent of organizations appear to be communicating with malicious cryptomining C2 domains operated by the threat group Rocke. To slow down such malware threats, Unit 42 recommends setting up timely and consistent patch schedules for cloud-based systems.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.