Cloud Security Alerts Take Six Days to Resolve

Cloud security teams fail to respond quickly to alerts, exposing organizations to potentially heightened cyber risks every day, warns a new Palo Alto Networks report.

The security vendor monitored tens of thousands of sensors deployed across different cloud service providers (CSPs), industries, countries and organizations, and also drew on public sources such as GitHub and the National Vulnerability Database (NVD).

The resulting Cloud Threat Report Volume 7 warns that the cloud attack surface is growing rapidly, a trend exacerbated by an increase in vulnerabilities and misconfigurations.


Palo Alto Networks found that security teams take an average of 145 hours (about six days) to resolve security alerts, with 60% of organizations taking four days or more. A previous Palo Alto Networks study found that threat actors often begin exploiting newly disclosed vulnerabilities within hours, so a six-day resolution window leaves many organizations exposed for far longer than an attacker needs.

Unpatched vulnerabilities are by no means the only source of such alerts, but they are a common target for attackers. Many unpatched vulnerabilities are rated high or critical, and more than a tenth (11%) of hosts exposed in the public cloud contain high- or critical-severity bugs.

“In a cloud environment, a single source code vulnerability can be replicated across multiple workloads, posing risk to the entire cloud infrastructure,” warns the report.

Many of these vulnerabilities are in open source packages and have complex code dependencies that make them difficult to find and patch.

About half (51%) of codebases depend on more than 100 open source packages, but only around a quarter (23%) of those packages are directly imported by developers, the report claims. The remaining 77% of required packages, which frequently contain bugs, are introduced indirectly as "non-root packages", that is, as dependencies of dependencies.
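The practical consequence of that 77% figure is that a vulnerability advisory usually names a package the developers never imported, and the fix is to bump whichever direct dependency pulls it in. The script below is an added example, not code from the Palo Alto Networks report: it walks a constructed dependency graph (the package names, the "app" root and the set of vulnerable packages are all made up for illustration), splits the closure into direct and non-root packages, and traces every path from the application to a vulnerable package so the root package to upgrade can be read off.

```python
"""Trace which direct imports pull a vulnerable transitive package into a codebase.

Added example; this is not code from the Palo Alto Networks report. The
dependency graph and the vulnerable-package set are constructed for
illustration: "app" imports three packages directly, and the rest of the
closure consists of non-root (transitive) packages.
"""
from collections import deque

# Constructed dependency graph: package -> packages it requires.
DEPENDENCY_GRAPH = {
    "app": ["web-framework", "http-client", "yaml-parser"],  # direct imports
    "web-framework": ["template-engine", "routing", "http-core"],
    "http-client": ["http-core", "url-lib"],
    "yaml-parser": [],
    "template-engine": ["markup-safe"],
    "routing": ["url-lib"],
    "http-core": ["compression-lib"],
    "url-lib": [],
    "markup-safe": [],
    "compression-lib": [],
}

# Constructed: packages an advisory feed flagged as vulnerable. Note that
# compression-lib is never imported by the application directly.
VULNERABLE = {"compression-lib"}


def all_dependencies(graph, root):
    """Return every package reachable from root (breadth-first, cycle-safe)."""
    seen, queue = set(), deque(graph.get(root, []))
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(graph.get(pkg, []))
    return seen


def classify_dependencies(graph, root):
    """Split the closure into direct imports and non-root (transitive) packages."""
    direct = set(graph.get(root, []))
    transitive = all_dependencies(graph, root) - direct
    return direct, transitive


def dependency_paths(graph, root, target):
    """Return every path root -> ... -> target so the import chain can be read off."""
    paths = []

    def walk(pkg, path):
        if pkg == target:
            paths.append(path)
            return
        for dep in graph.get(pkg, []):
            if dep not in path:  # skip cycles
                walk(dep, path + [dep])

    walk(root, [root])
    return sorted(paths)


def roots_to_upgrade(graph, root, vulnerable):
    """For each vulnerable package, the direct dependencies that pull it in.

    These are the version pins that actually have to change; a vulnerable
    package that is itself a direct dependency maps to itself.
    """
    result = {}
    for pkg in sorted(vulnerable):
        paths = dependency_paths(graph, root, pkg)
        result[pkg] = sorted({path[1] for path in paths if len(path) > 1})
    return result


if __name__ == "__main__":
    direct, transitive = classify_dependencies(DEPENDENCY_GRAPH, "app")
    total = len(direct) + len(transitive)
    print(f"{len(direct)} direct, {len(transitive)} non-root "
          f"({100 * len(transitive) / total:.0f}% of required packages)")
    for pkg, roots in roots_to_upgrade(DEPENDENCY_GRAPH, "app", VULNERABLE).items():
        print(f"{pkg} is pulled in by direct dependencies: {', '.join(roots)}")
        for path in dependency_paths(DEPENDENCY_GRAPH, "app", pkg):
            print("  " + " -> ".join(path))
```

On the constructed graph, six of the nine required packages are non-root, and compression-lib reaches the application by two separate chains (through web-framework and through http-client), so both direct dependencies have to move to a release that no longer pins the affected version; bumping only one of them leaves the vulnerable copy in the tree.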

Attackers are also exploiting the software supply chain at scale. According to the GitHub advisory database, over 7,300 malicious open source packages were found across all major package manager registries in 2022.

Elsewhere, the report found:

  • Cloud users make the same mistakes over and over again. Only 5% of security rules trigger 80% of alerts, so an organization that prioritizes fixes such as unrestricted firewall policies, publicly exposed databases and unenforced multi-factor authentication (MFA) can markedly improve the return on its security spending.
  • Sensitive data is regularly exposed in the cloud. Personally identifiable information (PII), financial records and intellectual property are found in 66% of storage buckets and 63% of publicly exposed storage buckets. Lack of visibility into this data hinders security efforts.
  • Leaked credentials are everywhere. Approximately 83% of organizations have credentials hard-coded into their source control management systems, and 85% have credentials hard-coded into virtual machine user data. Every cloud breach Palo Alto Networks analyzed involved compromised credentials.
  • Organizations are failing at MFA. Three-quarters (76%) of organizations do not enforce MFA for console users and 58% do not enforce MFA for root/admin users. This leaves consoles in particular exposed to brute-force and credential-stuffing attacks using credentials found on the dark web.
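Credentials hard-coded into source control and VM user data are the kind of finding a cheap, regular scan catches before an attacker does. The scanner below is an added example, not tooling from the Palo Alto Networks report: it runs a handful of regular-expression rules over two constructed inputs, a cloud-init user-data script and an application settings file. The rule names, the allow-list of "safe" reference patterns and the file contents are all illustrative; the access key values in the samples are the placeholder credentials from the AWS documentation, not real secrets.

```python
"""Flag hard-coded credentials in source files and VM user data.

Added example; this is not tooling from the Palo Alto Networks report. The
rules are simple regular expressions for the patterns the report calls out
(cloud access keys and password literals). The two inputs are constructed,
and the key values in them are the placeholder credentials from the AWS
documentation, not real secrets.
"""
import re

# Detection rules. Group 1, where present, is the secret itself.
RULES = {
    # AWS long-term (AKIA) and temporary (ASIA) access key identifiers.
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # A 40-character secret assigned to an AWS secret key variable.
    "aws-secret-access-key": re.compile(
        r"""(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['"]?([A-Za-z0-9/+=]{40})"""
    ),
    # password = "literal" style assignments with a quoted value of 8+ chars.
    "password-literal": re.compile(
        r"""(?i)(?:password|passwd|pwd|secret|token)\s*[=:]\s*['"]([^'"\s]{8,})['"]"""
    ),
}

# Lines that read a value from the environment or a template variable are the
# pattern developers should be using, so they are not reported (assumed
# allow-list; extend it for the secret stores your platform uses).
SAFE_REFERENCE = re.compile(r"os\.environ|getenv|\$\{|secretsmanager", re.I)

# Constructed inputs: cloud-init user data as an instance would receive it,
# and an application settings file checked into source control.
SAMPLES = {
    "user-data.sh": (
        "#!/bin/bash\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "aws s3 sync s3://backup-bucket /var/backups\n"
    ),
    "settings.py": (
        "import os\n"
        'DB_PASSWORD = "hunter2hunter2"\n'
        'API_TOKEN = os.environ["API_TOKEN"]  # read from environment: fine\n'
        'SESSION_SECRET = os.getenv("SESSION_SECRET")  # fine\n'
    ),
}


def redact(secret):
    """Keep enough of the value to locate it without re-leaking it in a report."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "..." + secret[-4:]


def scan_text(name, text, rules=RULES):
    """Run every rule over every line; return one finding per match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if SAFE_REFERENCE.search(line):
            continue
        for rule, pattern in rules.items():
            for match in pattern.finditer(line):
                secret = match.group(match.lastindex or 0)
                findings.append({"file": name, "line": lineno,
                                 "rule": rule, "value": redact(secret)})
    return findings


def scan_all(samples):
    """Scan a mapping of filename -> contents and merge the findings in order."""
    findings = []
    for name, text in samples.items():
        findings.extend(scan_text(name, text))
    return findings


if __name__ == "__main__":
    for f in scan_all(SAMPLES):
        print(f"{f['file']}:{f['line']}  {f['rule']}  {f['value']}")
```

On the constructed samples the scan reports the access key ID and secret key in the user-data script and the password literal in settings.py, and stays quiet on the two lines that read from the environment. Two points matter for a real deployment: the report output is redacted so the scanner itself does not become a second leak, and VM user data should be pulled from the cloud API for every running instance, not just from the repository, since the report's 85% figure is about what instances were actually launched with.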
