RedLock’s latest cloud security report suggests that organizations are failing in the most basic security practices.
The enterprise is still ignoring the most basic security precautions when using cloud services, researchers claim.
On Thursday, RedLock released its annual cloud security report, which suggests that vulnerabilities in the cloud are being outright ignored, with poor database security and key leaks commonplace.
After analyzing customer environments, the cloud security firm said that roughly 38 percent of organizations in the enterprise have active user accounts that have potentially been compromised, and 37 percent of company databases allow inbound connections from the web, which is generally a poor security practice.
In addition, seven percent of these databases are permitting requests from suspicious IP addresses, which suggests they have been compromised.
Throughout their research, the RedLock team discovered at least 250 organizations, many of them far beyond the size of SMEs, that were leaking “access keys and secrets” from their cloud computing environments, a scenario similar to the recent Viacom security debacle.
According to the report, a total of 53 percent of companies which use cloud storage services such as the Amazon Simple Storage Service (Amazon S3) have accidentally exposed these services to the public, 45 percent fall short of CIS (Center for Internet Security) security standards and checks, and 46 percent of these violations are “high severity issues” including network configurations which allow inbound SSH connections from the Internet.
In addition, the enterprise players included in the research failed 48 percent of PCI data security standard checks on average, and 19 percent of failures were critical — such as failing to encrypt databases.
Hundreds of organizations are also leaking credentials through misconfigured services such as Kubernetes and Jenkins, the team claims, and a total of 64 percent of enterprise databases are not encrypted.
The researchers also found Kubernetes administrative consoles deployed on AWS, Microsoft Azure, and the Google Cloud Platform which were not password protected, and in some containers, threat actors were deploying illegitimate Bitcoin mining operations. This, in turn, has transformed legitimate business databases into bots generating revenue fraudulently.
In addition, access keys and secret tokens stored in cleartext were discovered within Kubernetes instances, granting attackers the opportunity to compromise critical infrastructure.
In total, 81 percent of companies do not manage host vulnerabilities in the cloud effectively. They may utilize vulnerability scanning tools, but fail to map the data from these tools to create a picture of cloud-specific content and threats, which may open the gates to compromise.
“Host vulnerability data needs to be correlated with host configurations in the cloud that can help identify the business purpose of the host and help prioritize patching,” the team says. “For example, is this host a webserver or a database server? Is it running in production or staging? In addition, the network traffic should be monitored to identify whether the vulnerabilities are actually exploitable.”
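The correlation the team describes can be sketched as follows. This is an added example, not code from RedLock or the report; the host names, finding IDs, flow records and weighting factors are all constructed assumptions chosen only to show how scanner output, cloud host tags and network traffic combine into a patch order.

```python
# Constructed sample inputs (not from the report): scanner findings,
# cloud host tags, and inbound flow-log records.
FINDINGS = [
    {"host": "i-web-01", "id": "VULN-A", "cvss": 7.5, "port": 443},
    {"host": "i-db-01", "id": "VULN-B", "cvss": 9.8, "port": 5432},
    {"host": "i-stg-01", "id": "VULN-C", "cvss": 9.8, "port": 22},
    {"host": "i-db-02", "id": "VULN-D", "cvss": 6.1, "port": 3306},
]
HOST_TAGS = {
    "i-web-01": {"role": "webserver", "env": "production"},
    "i-db-01": {"role": "database", "env": "production"},
    "i-stg-01": {"role": "webserver", "env": "staging"},
    "i-db-02": {"role": "database", "env": "production"},
}
FLOWS = [
    {"dst": "i-web-01", "port": 443, "external": True, "action": "ACCEPT"},
    {"dst": "i-db-01", "port": 5432, "external": False, "action": "ACCEPT"},
    {"dst": "i-stg-01", "port": 22, "external": True, "action": "REJECT"},
    {"dst": "i-db-02", "port": 3306, "external": True, "action": "ACCEPT"},
]
# Assumed weights: business purpose and environment raise the base score.
ROLE_WEIGHT = {"database": 1.5, "webserver": 1.2}
ENV_WEIGHT = {"production": 1.5, "staging": 1.0}
EXPOSED_FACTOR = 2.0  # assumed multiplier when Internet traffic reaches the port


def reachable(host, port, flows):
    """True if an accepted flow from the Internet hit the vulnerable port."""
    return any(f["dst"] == host and f["port"] == port and f["external"]
               and f["action"] == "ACCEPT" for f in flows)


def prioritize(findings, tags, flows):
    """Rank findings by CVSS weighted with host purpose, env and exposure."""
    ranked = []
    for f in findings:
        t = tags.get(f["host"], {})  # untagged hosts fall back to weight 1.0
        score = (f["cvss"] * ROLE_WEIGHT.get(t.get("role"), 1.0)
                 * ENV_WEIGHT.get(t.get("env"), 1.0))
        exposed = reachable(f["host"], f["port"], flows)
        if exposed:
            score *= EXPOSED_FACTOR
        ranked.append({"id": f["id"], "host": f["host"],
                       "exposed": exposed, "score": round(score, 2)})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in prioritize(FINDINGS, HOST_TAGS, FLOWS):
        print(row)
```

With these constructed inputs, the production database whose port receives accepted Internet traffic ranks above the staging host, even though the staging finding has the higher raw CVSS score.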
Awareness of data breaches, patching, and critical security practices may be on the up with the constant stream of security incidents hitting the news, but based on RedLock’s findings, it seems that some areas, such as cloud services, are still not being given the attention they require. Unless the enterprise steps up its game, practices such as storing passwords in cleartext are asking for attackers to strike, and companies will have no one to blame but themselves in the case of compromise.