Israeli-American YL Ventures’ portfolio company Orca Security recently released its 2020 “State of the Union” report regarding public cloud security. The report noted that with the increase of organizations across various industries transitioning more and more of their assets to the public clouds of Amazon, Microsoft, and Google, Orca found that this rapid transition, in some cases, is not followed by a process, leaving numerous paths open for damaging exploitation. Cloud estates are being breached through their weakest links of neglected internet-facing workloads, widespread authentication issues, discoverable secrets and credentials, and misconfigured storage buckets.
Imagine renting a warehouse, filling it with all your most prized possessions and leaving the backdoor open for any curious eyes to check out the goods. This is what is happening in the cloud environment today. Just as AWS, Microsoft Azure, and Google Cloud Platform (GCP) secure their platforms, active customers of these cloud services are responsible for managing their cloud and data security within these infrastructures. Such shared responsibility poses a serious challenge due to the speed and frequency of public cloud deployments.
Orca Security’s 2020 State of Public Cloud Security Report analyzed data from more than two million scans of 300,000 public cloud assets running on AWS, Azure, and GCP. Scanned accounts represented Orca’s customer base across numerous industries including financial services, professional services, travel, cloud computing, online marketplaces, entertainment, real estate, and more. The public cloud scans ran from November 6, 2019, to June 4, 2020.
In most cases when dealing with cloud-security, the responsibility to properly protect the cloud workload falls on the shoulders of an organization’s IT team, which is in charge of installation and maintenance of security agents throughout the uploaded assets. However, the IT teams are not always involved or notified with every cloud deployment or action, leaving them cloud-security teams severely lacking visibility across the organization’s cloud activity, resulting in missed vulnerabilities and attack vectors.
“While organizations must secure their entire estate, attackers only need to find a single weak link to exploit,” said Orca Security CEO and co-founder Avi Shua. “It’s imperative for organizations to have 100 percent public cloud visibility and know about all neglected assets, weak passwords, authentication issues, and misconfigurations to prioritize and fix. The Orca Security 2020 State of Public Cloud Security Report shows how just one gap in cloud coverage can lead to devastating data breaches.”
Attackers look for vulnerable front line workloads to gain entrance to cloud accounts and expand laterally within the environment. While security teams need to secure all public cloud assets, attackers only need to find one weak link to wreak havoc.
Amongst the study’s findings, neglected internet-facing workloads were found to be a major issue, as more than 80% of companies were found with at least one workload running on an unsupported operating system or has remained unpatched for 180 days or longer. While 60% of the companies from the report have at least one neglected workload that has reached its end of life and is no longer supported by manufacturer security updates, and almost 50% hold at least one unpatched publicly accessible web server.
Furthermore, the 2020 Public Cloud Security report highlighted the big problem surrounding authentication and credential issues as yet another route that hackers look to breach your public cloud domain. A whopping 44% of organizations have internet-facing workloads containing secrets and credentials that include clear-text passwords, API keys, and hashed passwords that allow lateral movement across their environment. While others avoid using multi-factor authentication for the super admin user, and 5% just use weak or leaked passwords to protect cloud workloads.
All weak links combine to pose serious cloud security and lateral movement attack risk for any organization. By now, attackers have a pretty good idea of how they can cover critical data searches from within the organization’s cloud environment, by taking advantage of the off-secured internal servers rather than breaching through fortified internet-facing servers. The security posture of internal machines is much worse than internet-facing servers, with 77 percent of organizations having at least 10 percent of their internal workloads in a neglected security state. Additionally, six percent of internet-facing assets contain SSH keys that could be used to access adjacent systems.
“Cloud computing is far more than technology. It provides the capability to move faster and the notion that you can gain high-velocity progress no matter the cost. Our research discusses how shadow IT exists in the cloud of most organizations and leads to neglected assets and an unmaintained configuration. This is particularly problematic because it serves as the preferred target for hackers and provides the main breaching point they use to gain access. This is especially true in Israel, given the country’s position as “the Start-up Nation” at the forefront of much of the world’s technological advancement. Nonetheless, maintaining high-velocity progress and safety can bring on coexistent. Organizations simply need to source and apply tools that will eliminate the shadows and neglected assets in their cloud environments,” explains Shua in a conversation with Geektime.
Orca Security was founded in 2019 by Shua, a former CTO at Checkpoint, and Gil Geron, CTO at Orca. The company has over 30 employees working out of Israel and U.S. based offices.
Check out the full report here.