{"id":1027,"date":"2020-02-06T15:07:20","date_gmt":"2020-02-06T11:07:20","guid":{"rendered":"https:\/\/www.techxmedia.com\/?p=1027"},"modified":"2025-04-18T00:01:38","modified_gmt":"2025-04-17T20:01:38","slug":"unit-42cloud-threat-report","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/unit-42cloud-threat-report\/","title":{"rendered":"Unit 42, spring 2020 edition of Cloud Threat Report"},"content":{"rendered":"\n<p>Unit 42 (the <a href=\"https:\/\/techxmedia.com\/tag\/PaloAlto\/\">Palo Alto Networks<\/a> threat intelligence team) released the Spring 2020 edition of Cloud Threat Report, which aims to uncover where cloud vulnerabilities are surfacing in the threat landscape among the widespread shift to cloud infrastructure. Please click here to see the\u00a0<a href=\"https:\/\/unit42.paloaltonetworks.com\/cloud-threat-report-intro\/\" target=\"_blank\" rel=\"noreferrer noopener\">executive summary<\/a>\u00a0of the report.<\/p>\n\n\n\n<p><strong>Key findings include:<\/strong><strong><\/strong><\/p>\n\n\n\n<ul class=\"is-style-default wp-block-list\"><li><strong>Poor cloud security practices are      rampant:<\/strong>&nbsp;43% of      cloud databases are not encrypted and 60% of cloud storage systems have      logging disabled. Unencrypted cloud databases can lead to data breaches, with&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/techcrunch.com\/2019\/08\/20\/moviepass-thousands-data-exposed-leak\/\" target=\"_blank\">MoviePass<\/a>&nbsp;a recent example. With cloud logging disabled, attackers could enter a cloud storage system      and organizations would never know.<\/li><li><strong>Organizations are not embracing&nbsp;<\/strong><a rel=\"noreferrer noopener\" href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-devsecops\" target=\"_blank\"><strong>DevSecOps<\/strong><\/a><strong>:<\/strong>&nbsp;Nearly      200,000 Infrastructure as Code (IaC) templates have high and medium      severity vulnerabilities. IaC templates are the basic foundation of a      cloud environment. They allow organizations to build and run scalable applications dynamically. Most IaC templates are created through a simple three-step process: design, code, and deploy. What\u2019s getting many DevOps teams in trouble is the missing fourth step &#8212; scanning for security issues. When IaC templates are not scanned for security issues, they can unnecessarily expose an organization\u2019s cloud environment to attackers. This can lead to misconfigurations, which is the leading cause for cloud data breaches.<\/li><li><strong>Cyber crime groups are using the cloud for cryptojacking:<\/strong>&nbsp;Adversary groups including Rocke, 8220 Mining Group and Pacha are stealing cloud resources from organizations to mine for Monero, likely through public mining pools or their own mining pools. These cryptojacking attacks help these groups fund their cyber crime operations.<\/li><\/ul>\n\n\n\n<p><strong>Security Best Practices<\/strong><\/p>\n\n\n\n<ul class=\"is-style-default wp-block-list\"><li><strong>Get and Maintain Multi-Cloud Visibility:<\/strong>&nbsp;It is very difficult to secure what is not visible or known. Security teams need to take the lead in advocating for cloud native security platforms (CNSPs), which provide visibility across public, private, and hybrid clouds in addition to containers, serverless deployments, and CI\/CD pipelines.<\/li><li><strong>Enforce Standards:&nbsp;<\/strong>Cloud-scale security requires strict      enforcement of standards across public, private, and hybrid cloud      environments. If your organization does not yet have a cloud security      standard, check out the benchmarks (\u200bcisecurity.org\/cis-benchmarks\u200b) created by the Center for Internet Security (CIS). Paper standards are a great start, but they also need to be consistently enforced without the need to create and maintain the tools that do it.<\/li><\/ul>\n\n\n\n<p><strong>Shift Left:&nbsp;<\/strong>Shift-left security is\nabout moving security to the earliest possible point in the development\nprocess. Work with DevOps teams to get your security standards embedded in IaC\ntemplates. This is a win-win for DevOps and security teams.&nbsp;\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>43% of      cloud databases are not encrypted and 60% of cloud storage systems have      logging disabled. Unencrypted cloud databases can lead to data breaches,      with MoviePass a recent example.<\/p>\n","protected":false},"author":8,"featured_media":942,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1595,9618,9621],"tags":[],"contributor":[],"class_list":["post-1027","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-editors-pick","category-emerging-technologies"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2020\/02\/Cyber-crime.png","author_info":{"display_name":"Rabab","author_link":"https:\/\/techxmedia.com\/en\/author\/rabab\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/1027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=1027"}],"version-history":[{"count":0,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/1027\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/942"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=1027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=1027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=1027"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=1027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}