Response time after alarm: 4 days and more!  

17 May 2023
| No comments
Response time after alarm: 4 days and more!

Share post

The Cloud Threat Report Volume 7 reveals: After an alert for a security team, attackers have up to 40 days to carry out their attack in 4 percent of cases. Attackers are helped by the 60 percent unpatched high or critical vulnerabilities.

The cloud attack surface is as dynamic as the cloud itself. As organizations around the world increasingly share, store, and manage data in the cloud, the attack surface for businesses is expanding exponentially. This expansion often happens in unknown, overlooked, or poorly secured ways. For attackers, every workload in the cloud represents an opportunity, and without proper management, organizations are exposed to myriad risks.

Target of attack: Everyday problems in the cloud

🔎 Only 40 percent respond to security alerts within 4 days (Image: Unit 42). 

While previous reports have focused on a single threat (e.g., identity access management, supply chain attacks, and container security), Unit 42 Cloud Threat Report Volume 7 “Navigating the Expanding Attack Surface” addresses a larger, broader problem: attackers are become adept at exploiting common, everyday problems in the cloud. These problems include misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open source software (OSS) packages.

The report provides a breakdown of two different real-world instances of cloud attacks observed by Unit 42 in 2022. After anonymizing and de-identifying victims, the researchers reveal how attackers exploited sensitive data leaked on the dark web and the business disruption caused by ransomware.

Important findings of the report

  • On average, it takes security teams 145 hours (about six days) to resolve a security incident. 60 percent of companies take more than four days to resolve security issues.
  • In most enterprise cloud environments, 80 percent of alarms are triggered by just XNUMX percent of security policies.
  • 63 percent of codebases in production have unpatched vulnerabilities rated high or critical (CVSS >= 7.0)
  • 76 percent of organizations do not enforce MFA for console users, while 58 percent of organizations do not enforce MFA for root/admin users.

Common monitoring measures in the cloud

Based on extensive data collected in 2022, the report examines real-world security breaches that affected medium-sized and large organizations. He describes the issues observed in thousands of multi-cloud environments and analyzes the impact of OSS vulnerabilities on the cloud. Specifically, the researchers analyzed the workloads across 210.000 cloud accounts across 1.300 different companies. As many companies now have multiple cloud implementations, the vulnerabilities are increasingly being targeted by attackers.

Do you have a moment?

Take a few minutes for our 2023 user survey and help make B2B-CYBER-SECURITY.de better!

You only have to answer 10 questions and you have an immediate chance to win prizes from Kaspersky, ESET and Bitdefender.

Here you go directly to the survey
 

While user errors such as insecure configurations remain the main problem, Unit 42 researchers have also identified issues stemming from the ready-made templates and default configurations provided by cloud service providers (CSPs). While these settings and features are convenient and make it easier to adopt new technologies, they do not put users in the safest place to start.

Exemplary results:

  • 76 percent of organizations are not enforcing MFA for console users.
  • Sensitive data was found in 63 percent of publicly accessible storage buckets.

Cloud: risks of open source software (OSS)

Open source software was one of the driving forces behind the cloud revolution. However, the increasing use of OSS in the cloud also increases complexity - and with it the likelihood of obsolete or discontinued software, malicious content and slower patching cycles. This makes it the responsibility of end users to validate the OSS before integrating it into applications. This task is especially difficult when companies have to manage numerous projects, all of which depend on potentially thousands of OSSs.

Recommendations: Make life difficult for attackers

Enterprises should expect the attack surface for cloud-native applications to continue to grow as attackers find increasingly creative ways to attack the misconfiguration of cloud infrastructure, APIs, and the software supply chain itself.

To protect against these threats, the report provides practical guidance on closing the cloud security gaps, such as:

An automated backup process should be in place for all cloud workloads that would disrupt business operations in the event of a failure. Backups should be stored in protected locations isolated from the production environment across multiple geographic locations to avoid a single point of failure. All organizations should have business continuity and disaster recovery (BC/DR) plans that include the process of restoring from backups.

In addition, the researchers predict that the industry will move away from point security solutions towards cloud-native application protection platforms (CNAPPs) that offer a full spectrum of capabilities across the entire application development lifecycle. Gartner backs up this claim that there will be a significant uptick in CNAPP adoption, reporting a 70% increase in customer inquiries about CNAPPs between 2021 and 2022.

More at PaloAltoNetworks.com

 

About Palo Alto Networks

Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.

 

Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

Cybercriminals are learning

Security researchers have released the 2024 Incident Response Report, which paints a worrying picture of increasing cyber threats. The findings are based on ➡ Read more

Digital Security: Consumers trust banks the most

A digital trust survey showed that banks, healthcare and government are the most trusted by consumers. The media- ➡ Read more

Stories
, , , , , , ,