Four out of five (80.3%) security vulnerabilities observed in organizations across all sectors come from a cloud environment, Palo Alto Networks’ Unit 42 found in its latest Attack Surface Threat Research.
The report, published on September 14, 2023, outlined the most common cloud security flaws, of which 60% come from web framework takeover (22.8%), remote access services (20.1%) and IT security and networking infrastructure (17.1%).
New Services Prove to Be a Big Issue
It also highlighted how constant changes in cloud offerings significantly impact the end-users’ exposure.
The researchers found that over 45% of most organizations’ high-risk, cloud-hosted exposures in a given month were observed on new services that hadn’t been present on their organization’s attack surface in the month prior.
This finding wouldn’t be too concerning if cloud providers weren’t so volatile. But they are: Unit 42 estimated that, on average, over 20% of externally accessible cloud services change monthly.
This volatility is even more acute in the transport & logistics and insurance & financial sectors, where organizations must deal with 27% and 24% of cloud offerings, respectively, evolving on a monthly basis.
How to Mitigate Cloud Vulnerabilities
To protect against these types of attack surface vulnerabilities, Unit 42 suggested that organizations consider an attack surface management program to continuously discover, prioritize and remediate exposures on their attack surface.
The threat research team also provided a list of mitigation recommendations. These include:
- Maintain a comprehensive, real-time understanding of all internet-accessible assets, including cloud-based systems and services.
- Regularly review and update cloud configurations, aligning with best practices to mitigate security risks.
- Foster collaboration between security and DevOps teams to secure cloud-native application development and deployment.
- Focus on addressing the most critical vulnerabilities and exposures, such as those with a high Common Vulnerability Scoring System (CVSS) score – which accounts for severity – and an Exploit Prediction Scoring System (EPSS) score – which accounts for likelihood – to reduce the chance of successful cyberattacks.
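The recommendations above can be tied to the month-over-month finding with a simple inventory diff. The following is an added example, not code from Unit 42 or from this article: it compares two snapshots of externally accessible services, measures churn and the share of high-risk exposures sitting on new services, and ranks what to remediate first. The hosts, field names, thresholds (CVSS >= 7.0, EPSS >= 0.10) and the CVSS x EPSS weighting are assumptions constructed for illustration.

```python
# Added example: hosts, field names and thresholds are constructed assumptions.
CVSS_HIGH = 7.0   # assumed severity cut-off
EPSS_HIGH = 0.10  # assumed exploit-likelihood cut-off

# Constructed snapshot of externally accessible services: (host, port) -> record.
LAST_MONTH = {
    ("vpn.example.com", 443): {"kind": "remote-access", "cvss": 9.8, "epss": 0.92},
    ("www.example.com", 443): {"kind": "web-framework", "cvss": 5.3, "epss": 0.02},
    ("fw.example.com", 8443): {"kind": "network-infra", "cvss": 7.5, "epss": 0.04},
    ("old.example.com", 22): {"kind": "remote-access", "cvss": 0.0, "epss": 0.0},
}
# This month: one service retired, two new ones appeared.
THIS_MONTH = {k: v for k, v in LAST_MONTH.items() if k[0] != "old.example.com"}
THIS_MONTH.update({
    ("dev.example.com", 8080): {"kind": "web-framework", "cvss": 8.8, "epss": 0.45},
    ("rdp.example.com", 3389): {"kind": "remote-access", "cvss": 8.1, "epss": 0.30},
})


def is_high_risk(rec):
    """High severity (CVSS) AND high likelihood (EPSS)."""
    return rec["cvss"] >= CVSS_HIGH and rec["epss"] >= EPSS_HIGH


def surface_report(previous, current):
    """Diff two snapshots and rank the current high-risk exposures."""
    new = current.keys() - previous.keys()
    gone = previous.keys() - current.keys()
    seen = previous.keys() | current.keys()
    high = [k for k, rec in current.items() if is_high_risk(rec)]
    high_on_new = [k for k in high if k in new]
    # Priority = CVSS x EPSS (a simple assumed weighting, highest first).
    ranked = sorted(high, key=lambda k: current[k]["cvss"] * current[k]["epss"],
                    reverse=True)
    return {
        "new": set(new),
        "gone": set(gone),
        "churn": (len(new) + len(gone)) / len(seen) if seen else 0.0,
        "high_risk_on_new": len(high_on_new) / len(high) if high else 0.0,
        "ranked": ranked,
    }


if __name__ == "__main__":
    report = surface_report(LAST_MONTH, THIS_MONTH)
    print(f"churn: {report['churn']:.0%}, "
          f"high-risk on new services: {report['high_risk_on_new']:.0%}")
    for host, port in report["ranked"]:
        print(f"  remediate first: {host}:{port}")
```

In this constructed data the firewall interface has a high CVSS score but a low EPSS score, so it falls outside the high-risk set, while two of the three high-risk exposures sit on services that did not exist the month before.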