3 in 5 firms take longer than 4 days to fix security issue

As cloud adoption continues to surge, with a projected market size of $830 billion in 2025, threat actors are increasingly looking to exploit common issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities and malicious OSS packages.

This is from the findings of the latest edition of Palo Alto Networks’ Unit 42 Cloud Threat Report, which looked at more than 1,300 organisations and analysed the workloads in 210,000 cloud accounts, subscriptions, and projects across all major cloud service providers.

Steven Scheurmann, Palo Alto Networks’ VP in ASEAN, said that cloud-ready security measures such as the Zero Trust approach must be implemented to help businesses identify and neutralise threats in real time.

“As cloud usage increases in the Philippines and around the world, threat actors take advantage of undiscovered weaknesses and vulnerabilities in this technology to attack organizations,” said Scheurmann. 

Key findings also show that cloud users repeat common mistakes, which trigger most security alerts. In most organisations’ cloud environments, 5% of the security rules trigger 80% of the alerts. Organisations have a small set of risky behaviours in their cloud workloads, such as unrestricted firewall policies, exposed databases, and unenforced MFA.

Security alerts take too long to resolve: it takes an average of 145 hours (six days) for security teams to resolve an alert, giving potential adversaries a lengthy window of opportunity.

The study found that sensitive data in the cloud is at risk as it is found in 66% of storage buckets and 63% of publicly exposed storage buckets, and is vulnerable to insider and external threats. The lack of insight into stored information makes it difficult to protect sensitive data from being accidentally leaked.

Also, leaked credentials are pervasive and central to cloud breaches as 83% of organisations have hard-coded credentials in their source control management systems, and 85% have hard-coded credentials in virtual machines’ user data. Credential access continues to be a common tactic across all cloud threat actors.
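The two places the report names, source control and virtual-machine user data, are both plain text a defender can scan before a build or a launch. The following is an added example of such a scanner; it is not code from the Unit 42 report or from Palo Alto Networks. The file contents are constructed samples, the access key ID is the AWS documentation placeholder rather than a live credential, and the rule names, entropy threshold and reference-character filter are this example's own choices.

```python
import math
import re
from collections import Counter

# Constructed sample inputs. The first mimics a settings file committed to source
# control, the second an EC2-style user-data bootstrap script. The access key ID is
# the AWS documentation placeholder, not a live credential.
SAMPLE_SOURCE = """\
# settings.py checked into the repo (constructed sample)
DB_HOST = "db.internal"
DB_PASSWORD = "Tr0ub4dor&3xyz"
API_TOKEN = os.environ["API_TOKEN"]
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
"""

SAMPLE_USER_DATA = """\
#!/bin/bash
# instance user-data bootstrap script (constructed sample)
export DB_PASSWORD='hunter2-Prod-2023'
aws s3 cp s3://example-bucket/app.tgz /opt/app.tgz
echo "-----BEGIN RSA PRIVATE KEY-----" > /root/.ssh/id_rsa
"""

# Detection rules: two fixed-format signatures and one generic "secret-looking
# assignment" rule. The generic rule is the noisy one, so its hits are filtered below.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]?([^'\"\s]{8,})"
    ),
}

# A generic match whose value is an indirection (environment lookup, template
# variable, function call) is configuration, not a secret; skip it.
REFERENCE_CHARS = set("$[](){}")

# Values with entropy below this are usually placeholders such as "changeme".
# The threshold is a tuning knob, chosen here to suit the samples above.
ENTROPY_THRESHOLD = 3.0


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of `value`."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep a short prefix so a finding can be located without echoing the secret."""
    return value[:4] + "*" * max(len(value) - 4, 0)


def scan_text(text: str, source_name: str) -> list:
    """Return one finding dict per (line, rule) hit in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            value = match.group(1) if match.groups() else match.group(0)
            if rule == "credential_assignment":
                if REFERENCE_CHARS & set(value):
                    continue
                if shannon_entropy(value) < ENTROPY_THRESHOLD:
                    continue
            findings.append(
                {"source": source_name, "line": lineno, "rule": rule, "value": redact(value)}
            )
    return findings


def scan_sources(sources: dict) -> list:
    """Scan a mapping of {name: text} and return all findings in order."""
    findings = []
    for name, text in sources.items():
        findings.extend(scan_text(text, name))
    return findings


if __name__ == "__main__":
    for f in scan_sources({"settings.py": SAMPLE_SOURCE, "user-data.sh": SAMPLE_USER_DATA}):
        print(f"{f['source']}:{f['line']} {f['rule']} {f['value']}")
```

Run as a pre-commit hook or CI step, the same `scan_text` call catches the settings-file case before it reaches the repository; fed the user-data string an instance was launched with, it catches the second case. The `API_TOKEN = os.environ[...]` line is deliberately not reported, which is the behaviour to preserve when tuning the generic rule: the goal is to keep the rule quiet enough that its findings are acted on.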

MFA is not enforced for cloud users, as 76% of organisations don’t enforce MFA for console users, and 58% don’t enforce MFA for root/admin users, making console access susceptible to brute-force attacks.
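Whether MFA is enforced for console and root users is something an account owner can measure rather than estimate. The following is an added example, not code from the Unit 42 report or from Palo Alto Networks, that reads a credential report in the column layout of the IAM credential report (columns such as `user`, `password_enabled` and `mfa_active`) and lists every identity able to sign in to the console without MFA. The rows are constructed, the account ID is a placeholder, and the two gap labels are this example's own naming.

```python
import csv
import io

# Constructed sample in the column layout of an IAM credential report; only the
# columns this check reads are filled meaningfully. The root row uses the report's
# "not_supported" marker for password fields. Account ID 123456789012 is a placeholder.
SAMPLE_CREDENTIAL_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2023-03-01T10:00:00+00:00,not_supported,not_supported,false,false
alice,arn:aws:iam::123456789012:user/alice,2021-05-02T00:00:00+00:00,true,2023-03-02T09:00:00+00:00,2023-01-10T00:00:00+00:00,N/A,true,true
bob,arn:aws:iam::123456789012:user/bob,2021-06-03T00:00:00+00:00,true,2023-03-02T08:00:00+00:00,2022-11-01T00:00:00+00:00,N/A,false,false
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2022-01-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true
"""

ROOT_USER = "<root_account>"


def _is_true(field: str) -> bool:
    return field.strip().lower() == "true"


def find_mfa_gaps(report_csv: str) -> list:
    """Return (user, gap_kind) for every identity that can use the console without MFA.

    Root is reported separately because its console access cannot be disabled the
    way a user's password can; users whose console password is disabled (service
    or CI users with access keys only) are not console users and are not reported.
    """
    gaps = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        mfa = _is_true(row["mfa_active"])
        if row["user"] == ROOT_USER:
            if not mfa:
                gaps.append((row["user"], "root_without_mfa"))
            continue
        if _is_true(row["password_enabled"]) and not mfa:
            gaps.append((row["user"], "console_user_without_mfa"))
    return gaps


def mfa_coverage(report_csv: str) -> tuple:
    """(console users with MFA, console users in total), root excluded."""
    with_mfa = total = 0
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == ROOT_USER or not _is_true(row["password_enabled"]):
            continue
        total += 1
        if _is_true(row["mfa_active"]):
            with_mfa += 1
    return with_mfa, total


if __name__ == "__main__":
    for user, kind in find_mfa_gaps(SAMPLE_CREDENTIAL_REPORT):
        print(f"{kind}: {user}")
    covered, total = mfa_coverage(SAMPLE_CREDENTIAL_REPORT)
    print(f"console users with MFA: {covered}/{total}")
```

Running this on a real report, fetched with the provider's CLI or SDK, turns the two headline percentages into a per-account to-do list, and scheduling it gives a simple drift detector for accounts where MFA was once enforced.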

Further, attacks on software supply chains are on the rise as more than 7,300 malicious OSS packages were discovered in 2022, impacting tech giants and other organisations.

Managing code dependencies is challenging, as 51% of codebases depend on over 100 open-source packages, and only 23% are directly imported by developers. Vulnerabilities are introduced by non-root packages, which can pose risks to the entire cloud infrastructure.

Finally, unpatched vulnerabilities are low-hanging fruit for attackers: 63% of codebases in production and 11% of public cloud hosts have high or critical unpatched vulnerabilities, posing risks to the entire cloud infrastructure.