Evolving Risks, Insecure Defaults, Watering Hole Threats: New Research from Accurics Uncovers Developing Sources of Cloud Risk
As demonstrated by a recent high-profile hack, attackers increasingly strive to leverage weaknesses that enable them to deliver malware to end users, gain unauthorized access to production environments or their data, or completely compromise a target environment. This strategy is known as a watering hole attack, and Accurics researchers have seen such attacks emerge in cloud environments, where they can cause even more damage. This is partly because development processes in the cloud that leverage managed services are not hidden inside the organization as they are in on-premise environments – in fact, they’re largely exposed to the world. When criminals are able to exploit misconfigurations in development pipelines, it can spell disaster not only for the company but also for its customers. To address this risk, enterprises should assume the entire development process is easily accessible, and restrict access to only the users who need it.
“Cloud native apps and services are more vital than ever before, and any risk in the infrastructure has critical implications,” said Accurics Co-founder, CTO & CISO Om Moolchandani. “Our research indicates that teams are rapidly adopting managed services, which certainly increase productivity and maintain development velocity. However, these teams unfortunately aren’t keeping up with the associated risks – we see a reliance on using default security profiles and configurations, along with excessive permissions. Messaging services and FaaS are also entering a perilous phase of adoption, just as storage buckets experienced a few years ago. If history is any guide, we’ll start seeing more breaches through insecure configurations around these services.”
The research reveals that the mean time to remediate (MTTR) violations is 25 days across all environments – a luxury for potential attackers. In this report, MTTR is particularly important as it pertains to drift: configuration changes made in runtime that cause the cloud risk posture to move away from established secure baselines. For drifts from established secure infrastructure postures, the MTTR is 8 days overall.
Even organizations that establish a secure baseline when infrastructure is provisioned will experience drift over time, as happened in another well-publicized breach. While in this case the AWS S3 bucket was configured correctly at the time it was added to the environment in 2015, a configuration change made five months later to fix a problem was not properly reset once the work was complete. This drift went undetected and unaddressed until it was exploited nearly five years later.
The Accurics report also finds that:
● Kubernetes users who try to implement role-based access controls (RBAC) often fail to define roles at the proper granularity. This increases credential reuse and the chance of misuse – in fact, 35% of the organizations evaluated struggle with this problem.
● In Helm charts, 48% of problems came about through insecure defaults. Improper use of the default namespace – where system components run – was the most common mistake, which could give attackers access to the system components or secrets.
● Identity and Access Management (IAM) defined through Infrastructure as Code (IaC) in production environments was seen for the first time, and more than a third (35%) of the IAM drifts detected in this report originate in IaC. This indicates a rapid adoption of IAM as Code, which could lead to risk of misconfigured roles.
● Hardcoded secrets represent almost 10% of violations identified; 23% correspond to poorly configured managed services offerings.
● Of the organizations tested, 10% actually pay for advanced security capabilities that are never enabled.
● While the average time to fix infrastructure misconfigurations was about 25 days, the most critical portions of the infrastructure often take the most time to fix – for example, load-balancing services take an average of 149 days to remedy. Since all user-facing data flows through these resources, they should ideally be fixed the fastest, not the slowest.
Protecting cloud infrastructure requires a fundamentally new approach that embeds security earlier in the development lifecycle and maintains a secure posture throughout. The cloud infrastructure must be continuously monitored in runtime for configuration changes and assessed for risk. In situations where configuration change introduces a risk, the cloud infrastructure must be redeployed based on the secure baseline; this will ensure that any risky changes made accidentally or maliciously are automatically overwritten. With new attacks emerging and ongoing risks continuing to plague organizations, cloud cyber resilience is now more important than ever, and configuration hygiene is critical.
Download a copy of the Accurics Cloud Cyber Resilience Report at http://bit.ly/cloudcyber.
CONTOS DUNNE COMMUNICATIONS
+1 408-776-1400 (o)
Paula Dunne +1 408-893-8750 (m)
At Accurics™, we envision a world where organizations can innovate in the cloud with confidence. Our mission is to enable cyber resilience through self-healing as organizations embrace cloud native infrastructure. The Accurics platform self-heals cloud native infrastructure by codifying security throughout the development lifecycle. It programmatically detects and resolves risks across Infrastructure as Code before infrastructure is provisioned, and maintains the secure posture in runtime by programmatically mitigating risks from changes. Accurics enables organizations of all sizes to achieve cloud cyber resilience through free cloud-based and open source tools such as Terrascan™.