sb-nz logo
Story image

Cloud breaches set to increase in velocity and scale - Accurics

Cloud breaches are set to increase in velocity and scale, according to new research from security specialists Accurics. 

The company has released its Summer 2020 edition of the “Accurics State of DevSecOps” report, which highlights emerging security challenges as organisations adopt cloud native technologies. 

The new research reveals that cloud breaches will likely increase in velocity and scale, and highlights steps that can be taken to mitigate them.

“While the adoption of cloud native infrastructure such as containers, serverless, and servicemesh is fuelling innovation, misconfigurations are becoming commonplace and creating serious risk exposure for organisations,” says Accurics co-founder & CTO, Om Moolchandani. 

“As cloud infrastructure becomes increasingly programmable, we believe that the most effective defense is to codify security into development pipelines and enforce it throughout the lifecycle of the infrastructure," he says.

"The receptiveness of the developer community toward assuming more security responsibility has been encouraging and a step in the right direction.”  

The report reveals that misconfigured cloud storage services are commonplace in a stunning 93% of the cloud deployments analysed, and most also have at least one network exposure where a security group is left wide open. 

These issues will likely increase in both velocity and scale—and they’ve already contributed to more than 200 breaches over the past two years, the company says. 

One emerging problem area is that despite the broad availability of tools like HashiCorp Vault and AWS Key Management Service (KMS), hardcoded private keys turned up in 72% of the deployments analysed. 

Specifically, unprotected credentials stored in container configuration files were found in half of these deployments, which is an issue given that 84% of organisations use containers. 

Going one level deeper, 41% of the organisations had high privileges associated with the hardcoded keys and were used to provision compute resources; any breach involving these would expose all associated resources. Hardcoded keys have contributed to a number of cloud breaches.

According to the report, network exposures resulting from misconfigured routing rules posed the greatest risk to all organisations. In 100% of deployments, an altered routing rule exposed a private subnet containing sensitive resources, such as databases, to the Internet.

Automated detection of risks paired with a manual approach to resolution is creating alert fatigue, and only 6% of issues are being addressed. An emerging practice known as Remediation as Code, in which the code to resolve the issue is automatically generated, is enabling organisations to address 80% of risks.
 
Accurics has long advocated the philosophy of managing risk early in the development lifecycle. Implementation of best practices such as encrypting databases, rotating access keys, and implementing multi-factor authentication ensures enhanced hygiene, it says.

Automated threat modelling is also needed to determine whether changes such as privilege increases, and route changes introduce breach paths in a cloud deployment. 

As organisations embrace Infrastructure as Code (IaC) to define and manage cloud-native infrastructure, codifying security into development pipelines becomes possible and can significantly reduce the attack surface before cloud infrastructure is provisioned.

 The new report makes the case for establishing the IaC as a baseline to maintain risk posture after cloud infrastructure is provisioned. Continuous assessment of new cloud resources and configuration changes against the baseline will surface new risks. If a change is legitimate, update the IaC to reflect the change; if it’s not, redeploy the cloud from the baseline. This practice of eliminating risk posture drift is known as Immutable Security.

Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More
Story image
Shlayer malware proves Apple devices aren't as secure as you think
"Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity."More
Story image
Netlinkz revenue surges 846% as secure enterprise cloud technology gains traction
Executive chairman James Tsiolis believes this growth is the start of something much bigger.More
Story image
OT networks warned of vulnerabilities in CodeMeter software
Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.More