Widespread Zero Touch Attacks Against Cloud Native Apps Found
September 13, 2018
Twistlock released its first biannual state of cloud native security report,
entitled Watching the Honeypots.
In this report, Twistlock Labs researchers analyzed deployments of
common cloud native applications and ran honeypots to collect data on
risk factors and attack patterns against cloud native services. The
report shows that while over 60 percent of cloud native services are not
kept up to date automatically, over 90 percent of attacks are
automatically executed against outdated code and known CVEs.
"Adoption of cloud native technologies gives organizations a chance to
build and deploy software faster, and scale and manage deployments with
ease. But this speed and agility is often coming at the expense of
foundational security practices," said Dima Stopel, Twistlock co-founder
and VP Research & Development. "Organizations need to build automatic
enforcement of security into their application pipelines – both to
prevent vulnerable code from reaching production, but also to quickly
triage and patch new risks in production."
Key findings include:
-Of the top cloud native applications, 25 percent were running with CVEs
where a known exploit exists.
-MySQL was the most likely to be out of date, with over 80 percent of
deployments being at least one version behind. Overall, 60 percent of all
cloud native apps are not patched to the latest version.
-Over 90 percent of detected attacks were automatically executed – zero
touch hacking that focuses on brute force or known exploits.
-China plays a significant role in the modern threat landscape, with over
60 percent of detected attacks against cloud native applications
originating from Chinese IP ranges.