"Attackers Can Compromise Most Cloud Data in Just 3 Steps"

Orca Security conducted an analysis of data collected from major cloud services, finding that attackers only need three steps on average to gain access to sensitive data, with the most common starting point being the exploitation of a known vulnerability. Although much of the security discussion has centered on company misconfigurations of cloud resources, cloud providers have often been found to be slow in patching vulnerabilities, according to Avi Shua, CEO and co-founder of Orca Security. It is essential to fix the root causes, which is the initial vector, and to increase the number of steps that the attacker must take to get to sensitive data. Proper security controls can ensure that even if an initial attack vector exists, such data is not accessible. The report examined data from Orca's security research team using data from billions of cloud assets on AWS, Azure, and Google Cloud, which the company's customers scan on a regular basis. Data collected in the first half of 2022 included cloud workload and configuration data, environment data, and asset information. The study discovered a few issues with cloud-native architectures. On average, 11 percent of cloud assets owned by cloud providers and their customers were deemed "neglected," as they had not been patched in the previous 180 days. Containers and virtual machines, the most common components of such infrastructure, accounted for more than 89 percent of the cloud assets that were overlooked. Since the average container, image, and virtual machine had at least 50 known vulnerabilities, fixing vulnerabilities may be the most pressing issue. About 78 percent of attacks begin with the exploitation of a known vulnerability. Furthermore, a tenth of all businesses have a cloud asset running software with at least a vulnerability that is at least 10 years old. This article continues to discuss key findings from Orca Security's analysis of cloud services. 

Dark Reading reports "Attackers Can Compromise Most Cloud Data in Just 3 Steps"

Submitted by Anonymous on