SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

Widespread Zero Touch Attacks Against Cloud Native Apps Found

September 13, 2018

Twistlock released its first biannual state of cloud native security report, entitled Watching the Honeypots.

In this report, Twistlock Labs researchers analyzed deployments of common cloud native applications and ran honeypots to collect data on risk factors and attack patterns against cloud native services. The report shows that while over 60 percent of cloud native services are not kept up to date automatically, over 90 percent of attacks are automatically executed against outdated code and known CVEs.

"Adoption of cloud native technologies gives organizations a chance to build and deploy software faster, and scale and manage deployments with ease. But this speed and agility is often coming at the expense of foundational security practices," said Dima Stopel, Twistlock co-founder and VP Research & Development. "Organizations need to build automatic enforcement of security into their application pipelines both to prevent vulnerable code from reaching production, but also to quickly triage and patch new risks in production."

Key findings include:

-Surveying the top cloud native applications, 25 percent were running with CVEs where a known exploit exists.

-MySQL was the most likely to be out of date, with over 80 percent of deployments being at least one version behind. Overall, 60 percent of all cloud native apps are not patched to the latest version.

-Over 90 percent of detected attacks were automatically executed zero touch hacking that focuses on brute force or known exploits.

-China plays a significant role in the modern threat landscape with over 60 percent of detected attacks against cloud native applications originated from Chinese IP ranges.

Terms of Use | Copyright 2002 - 2018 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement