Palo Alto Networks identifies 34+ million vulnerabilities across AWS, Azure and GCP


Unit 42 (the Palo Alto Networks threat intelligence team) has released its Cloud Threat Risk Report, which highlights key insights from public cloud incidents spanning the first half of 2019 (January – June 2019).

The report reveals that a lack of basic security expertise and customer mistakes continue to be the biggest drivers of cloud security incidents and overall cloud-related vulnerabilities – and this problem will only get worse as cloud adoption grows and these environments become increasingly complex.

Key findings include:

  • Poor patching habits are creating vulnerabilities: Unit 42 identified more than 34 million vulnerabilities across AWS, Azure and GCP, underlining the need for prioritisation of patching.
    • 29,128,902 million vulnerabilities in AWS EC2
    • 1,715,855 million vulnerabilities in Azure Virtual Machine
    • 3,971,632 million vulnerabilities in GCP Compute Engine
  • Data exposure rising with container adoption: Unit 42 discovered more than 40,000 container platforms using default configurations exposed to the internet, allowing for identification using the simplest of search terms.
    • 23,354 Docker containers
    • 20,353 Kubernetes containers
  • Cloud complexity yielding low-hanging fruit for attackers: Over the last 18 months, 65 per cent of reported incidents were due to misconfigurations, making data leakage the #1 outcome of attacks on cloud infrastructure.
  • Malware extending its reach to the cloud: Unit 42 found 28 per cent of organisations communicating with malicious cryptomining C2 domains operated by the threat group Rocke. Unit 42 has been closely tracking the group and noted its unique tactics, techniques and procedures (TTPs), which give it the ability to disable and uninstall agent-based cloud security tools.

The report can be downloaded here: