SYDNEY, Australia, Apr. 19, 2023 – Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today published Volume 7 of its Unit 42 Cloud Threat Report. The report looked at more than 1,300 organisations. It analysed the workloads in 210,000 cloud accounts, subscriptions and projects across all major Cloud Service Providers (CSPs), providing a multifaceted view of cloud security to security leaders and practitioners.
With the rate of cloud migration showing no sign of slowing down (from USD $370 billion in 2021 and predicted to reach USD $830 billion in 2025), threat actors are looking to exploit common issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities and malicious OSS packages.
“The complexity of managing hybrid and multicloud environments, paired with the fast evolution and growth of cloud workloads, continues to create significant opportunities for adversaries to gain a foothold in the cloud,” said Steve Manley, Regional Vice President ANZ at Palo Alto Networks. “As organisations store and manage more data in the cloud, the attack surface grows exponentially, often in unknown or improperly secured ways. Threat actors have become adept at exploiting common, everyday issues in the cloud, which is why, unlike previous reports that examined a single threat, this report zooms out to look at the bigger, more expansive problem.”
Some of the key findings from the report include:
- Cloud users repeat common mistakes, which trigger most security alerts. In most organisations’ cloud environments, 5% of the security rules trigger 80% of the alerts. Organisations have a small set of risky behaviours in their cloud workloads, such as unrestricted firewall policies, exposed databases, and unenforced MFA. Prioritising remediation of these issues can maximise security investments.
- Security alerts take too long to resolve. It takes an average of 145 hours (6 days) for security teams to resolve an alert, providing a lengthy window of opportunity for potential adversaries.
- Sensitive data in the cloud is at risk. Sensitive data is found in 66% of storage buckets and 63% of publicly exposed storage buckets, and is vulnerable to insider and external threats. The lack of insight into stored information makes it difficult to protect sensitive data from being accidentally leaked.
- Leaked credentials are pervasive and central to cloud breaches. 83% of organisations have hard-coded credentials in their source control management systems, and 85% have hard-coded credentials in virtual machines’ user data. Credential access continues to be a common tactic across all cloud threat actors.
- MFA is not enforced for cloud users. 76% of organisations don’t enforce MFA for console users, and 58% don’t enforce MFA for root/admin users, making console access susceptible to brute-force attacks.
- Attacks on software supply chains are on the rise. More than 7,300 malicious OSS packages were discovered in 2022, impacting tech giants and other organisations.
- Managing code dependencies is challenging. 51% of codebases depend on over 100 open-source packages, and only 23% are directly imported by developers. Vulnerabilities are introduced by non-root packages, which can pose risks to the entire cloud infrastructure.
- Unpatched vulnerabilities are low-hanging fruit for attacks. 63% of codebases in production and 11% of public cloud hosts have high or critical unpatched vulnerabilities, posing risks to the entire cloud infrastructure.
Organisations should expect the cloud-native attack surface to expand as threat actors find new ways to target cloud infrastructure misconfigurations, APIs, and software supply chains. To enhance security against these threats, the industry will see a shift towards cloud-native application protection platforms (CNAPPs) that provide comprehensive capabilities throughout the application development process. This prediction is underscored by Gartner, which reported a 70% jump in client inquiries regarding CNAPPs from 2021 to 2022.
“Cloud technologies are maturing, and with cloud usage on the rise, threat actors are becoming smarter and more powerful every day, exploiting hidden weak spots and vulnerabilities. The wide adoption of Object Storage Service in the cloud drives risks even higher for businesses in the region, making it faster and easier to compromise the shared software supply chain and ambush large numbers of victims simultaneously,” says Sean Duca, VP and Regional Chief Security Officer at Palo Alto Networks. “For threat actors, the cloud presents an opportunity, and organisations are exposed to risk in countless ways without proper management. Organisations must therefore take a comprehensive platform approach to identify and eliminate threats in real-time before compromising the cloud environment.”
Download a copy of the “Unit 42 Cloud Threat Report, Volume 7.”
- Gartner® Market Guide for Cloud-Native Application Protection Platforms – Palo Alto Networks
- Unit 42 Cloud Threat Report, Volume 6 – Palo Alto Networks
- The State of Cloud-Native Security Report 2023 – Prisma Cloud
About Unit 42
Palo Alto Networks Unit 42 brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organisation that’s passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach and respond to incidents in record time so that you get back to business faster. Visit paloaltonetworks.com/unit42.
About Palo Alto Networks
Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organisations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.
At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognised among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.